web stats
SMTP sender cannot find valid certificate - Mirth Community

Go Back   Mirth Community > Mirth Connect > Support

Reply
 
Thread Tools Display Modes
  #1  
Old 11-22-2013, 04:12 AM
lueckep lueckep is offline
OBX.2 Kenobi
 
Join Date: Jul 2011
Posts: 73
lueckep is on a distinguished road
Default SMTP sender cannot find valid certificate

Hello

I've got a locally hosted instance of Mirth Connect with a SMTP sender channel that attempts to connect to our Mirth Mail (Direct) server and have it send emails out for us. This channel has been running just fine but two days ago the certificate to our Mirth Mail domain (direct.mhin.com) expired. At that time I was unable to log into the Mirth Mail Appliance administrator without getting an error about the certificate. We renewed the certificate and I am now able to log into the administrator just fine. But... my SMTP sender channel can no longer connect to Mirth Mail. It gives the following error when it tries:
ERROR-402: SMTP connector error
ERROR MESSAGE: Error sending email message.
org.apache.commons.mail.EmailException: Sending the email to the following server failed : direct.mhin.com:587
...
Caused by: javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTrans port.java:1652)
...
My guess is that Mirth Connect has cached off the old certificate somewhere and is still trying to use it. Does anyone know if that's true? I don't see it in the Windows Cert Manager nor in the Mirth Connect truststore. Do I just need to reboot Mirth Connect? That's a huge inconvenience for us so I want to be sure that it will resolve the issue before I schedule it.

Thanks
-Pat
Reply With Quote
  #2  
Old 11-22-2013, 06:02 AM
narupley's Avatar
narupley narupley is offline
Mirth Employee
 
Join Date: Oct 2010
Posts: 7,126
narupley is on a distinguished road
Default

First, you can try from a different test instance, or even on a local instance of MC. If you're able to send out via SMTP there, that tells you that at least JavaMail is able to load the cert just fine, so I don't see any reason why it wouldn't also work on the production instance after the JVM is restarted.
__________________
Step 1: JAVA CACHE...DID YOU CLEAR ...wait, ding dong the witch is dead?

Nicholas Rupley
Work: 949-237-6069
Always include what Mirth Connect version you're working with. Also include (if applicable) the code you're using and full stacktraces for errors (use CODE tags). Posting your entire channel is helpful as well; make sure to scrub any PHI/passwords first.


- How do I foo?
- You just bar.
Reply With Quote
  #3  
Old 11-22-2013, 11:36 AM
lueckep lueckep is offline
OBX.2 Kenobi
 
Join Date: Jul 2011
Posts: 73
lueckep is on a distinguished road
Default

Thanks but no luck. I tried it from another Mirth Connect server (one that has never connected to our direct.mhin.com server before) and got the same error. I tried restarting the Mirth service and when that didn't fix it, I rebooted the entire server. Still no luck.

I was thinking that the issue was that the old cert is cached off on our Mirth Connect server somewhere but now I wonder if there is more than one cert on our direct.mhin.com server and we only renewed one of them. Would there be different certs that handle whether or not I can visit direct.mhin.com on a browser and whether or not I can use SMTP/TLS to connect to it on port 587? The one we renewed was in our Mirth Mail appliance admin > system > certificates.
Reply With Quote
  #4  
Old 12-04-2013, 02:04 PM
brambleryan brambleryan is offline
What's HL7?
 
Join Date: Jul 2013
Posts: 2
brambleryan is on a distinguished road
Default

I'm having a similar problem, I think. I am unable to connect to an SMTP server on port 465. The requirement is to use TLS (although I do not see a TLS option, so I chose SSL). I am able to connect to this SMTP server from the Windows SMTP service on the server itself, but not from the SMTP sender channel in Mirth Connect.

I get the same error message about a certificate path. The correct certificate is installed for the service.
Reply With Quote
  #5  
Old 12-04-2013, 03:18 PM
eduardoa eduardoa is offline
Mirth Employee
 
Join Date: Mar 2013
Location: Santa Fe Springs, California
Posts: 134
eduardoa is on a distinguished road
Default

Where did you install the cert?
Reply With Quote
  #6  
Old 12-05-2013, 06:32 AM
brambleryan brambleryan is offline
What's HL7?
 
Join Date: Jul 2013
Posts: 2
brambleryan is on a distinguished road
Default

In the windows certificate store for the mirth connect service account under trusted root certificates.
Reply With Quote
  #7  
Old 12-05-2013, 10:10 AM
eduardoa eduardoa is offline
Mirth Employee
 
Join Date: Mar 2013
Location: Santa Fe Springs, California
Posts: 134
eduardoa is on a distinguished road
Default

Your best bet is to add the cert chain to the Mirth Connect truststore found in mirthconnect/appdata/truststore.jks. Then restart the Mirth Connect service.
Reply With Quote
  #8  
Old 04-02-2014, 12:06 PM
mweber mweber is offline
What's HL7?
 
Join Date: Oct 2013
Posts: 1
mweber is on a distinguished road
Default

Is anyone still working on this? Did it work?

If so I would be very appreciative to get more information about it.

Thank you.
Reply With Quote
  #9  
Old 04-02-2014, 12:18 PM
lueckep lueckep is offline
OBX.2 Kenobi
 
Join Date: Jul 2011
Posts: 73
lueckep is on a distinguished road
Default

I can confirm that for the initial issue posted on this thread, we did have to end up loading the cert to our mirthconnect/appdata/truststore.jks. From what I recall, the old cert was not in there so I'm still a bit stumped about how it was working previously...
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -8. The time now is 03:19 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Mirth Corporation