Troubleshooting

1. Unable to find valid certificate path to requested target

Error:

javax.net.ssl.SSLHandshakeException: sun.security.validatorException:PKIX path building failed:sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certificate path to requested target

Cause:

While using TLS or SSL, Java might not recognize the email server certificates.

Troubleshooting steps:

In this case, you must manually import the email server, issuer, and root certificates into ADAudit Plus.

Steps to retrieve the email server, issuer, and root certificates

If you do not have the email server certificates, use the OpenSSL tool to retrieve them from the email server by following these steps:

• Export the certificates from Google Chrome
• Retrieve the certificates using OpenSSL

Steps to export the certificates from Google Chrome

• Open Google Chrome on your computer, enter your email server address in the address bar, and press Enter.
• Click the View site information option, which is a padlock icon in the address bar to the left of the URL.
• Click Connection is secure, then click Certificate is valid, which opens the Certificate Viewer.
• Click the Details tab, then click Export..., which opens the Save As window.
• Enter a suitable name for the certificate file, select Base64-encoded ASCII, single certificate for the Save as type, then click Save.
• Once you have exported the certificates, follow the steps here to import them into ADAudit Plus.

Steps to retrieve the certificates using OpenSSL

• Download and install the OpenSSL tool.
• Open Command Prompt and navigate to <OpenSSL_Installation directory>\bin.
• Run the s_client command, specifying the server and the port you want to connect to.

  • If the server you are using requires an SSL connection, execute the following command:

    Openssl s_client -connect <mail server name>:<sslport>

  • If the server you are using requires a TLS connection, execute the following command:

    Openssl s_client -connect <mail server name>:<tlsport> -starttls smtp

• When this command is executed, the Command Prompt screen will display information related to the certificates. From the information, identify tags that say BEGIN CERTIFICATE and END CERTIFICATE.
• Copy and paste the information contained in the aforementioned tags into a text file and save the file with a .cer extension.

Steps to import the email server certificates into ADAudit Plus

To import the certificates into ADAudit Plus:

• Copy the downloaded email server, issuer, and CA root certificates and paste them in the <ADAudit Plus_Installation directory>\bin folder.

• Open Command Prompt, navigate to <ADAudit Plus_Installation directory>\jre\bin, and execute the following command:

  keytool -import -v -alias adap -file "certificateName" -keystore "<ADAudit Plus_Installation directory>\jre\lib\security\cacerts" -keypass changeit

  Note: To check if the certificates have been imported, open Command Prompt, navigate to <ADAudit Plus_Installation directory>\jre\bin, and execute the following command:

  keytool -v -list -keystore ..\lib\security\cacerts>Certificate.txt

When this command is executed, you will find a text file named Certificate in the <ADAudit Plus_Installation directory>\jre\bin folder. Open the file and verify that the required certificates are in the file.

Once the downloaded certificates are imported successfully, you should be able to send emails. However, if the issue persists, contact support@adauditplus.com.

2. SSL handshake exception

Error:

javax.net.ssl.SSLHandshakeException cannot be cast to javax .mail.MessagingException

Cause:

This exception occurs when the ADAudit Plus server and email server are unable to communicate. This could happen when an incorrect port or incorrect secure connection details are used.

Troubleshooting steps:

Check if the email can be sent via the email server using one of the following:

• Telnet if TLS or SSL is not enabled
• OpenSSL if TLS or SSL is enabled
• Java client

Steps to test the connection using Telnet

• Open Command Prompt, type Telnet, and press Enter. This command will open a Telnet session.

  Note: The Backspace key cannot be used in the Telnet session once you connect to the destination SMTP server. If you make a mistake as you type an SMTP command, you should press Enter and retype the command.

• If you want to view the characters as you type them, execute the optional command below:

  set localecho

• If you want to enable logging, specify the log file for the Telnet session by executing the optional command below:

  set logfile <filename>

• Type OPEN followed by the mail server name and port as shown below and press Enter.

  OPEN <mail server name> <port>

• Start the SMTP conversation by typing EHLO followed by your mail server's fully qualified domain name as shown below:

  EHLO <mail server name>

  Command Prompt will return the list of supported commands.

• To send an email, type in the sender's email address as shown below and press Enter.

  MAIL FROM:<your_name@yourdomain.com>

  Command Prompt should return the message "250 2.1.0 Sender OK".

• Next, type in the recipient's email address as shown below and press Enter.

  RCPT TO:<recipient@recipientdomain.com> NOTIFY=success,failure

  Note: The NOTIFY command is optional. In this example, it is used to request a delivery status notification that indicates whether message delivery succeeded or failed.

• To pass the subject header and the body, type DATA and press Enter.
• Type Subject: Test and press Enter.
• Because a blank line is needed between the subject and the message, press Enter again.
• Type your test message and press Enter. If you are ready to send the email, type the period symbol (.) and press Enter. Command Prompt should return the message "250 2.6.0 Queued mail for delivery" if the email was delivered successfully.
• To disconnect from the SMTP server, type QUIT and press Enter. To close the Telnet session, type QUIT and press Enter.

Steps to test the connection using OpenSSL

• Download and install the OpenSSL tool.
• Once installed, open Command Prompt and navigate to <OpenSSL_Installation directory>\bin.
• Run the s_client command, specifying the server and the port you want to connect to.

  • If the server you are using requires an SSL connection, execute the following command:

    openssl s_client -connect <mail server name>:<sslport>

  • If the server you are using requires a TLS connection, execute the following command:

    openssl s_client -connect <mail server name>:<tlsport> -starttls smtp

• Now, start an SMTP conversation by entering EHLO followed by the domain name or IP address as shown below:

  EHLO <mail server name>

• To authenticate yourself, enter:

  AUTH LOGIN

• You will be prompted to enter a Base64-encoded username. To generate a Base64-encoded username, open this website in a new tab, enter your email address, and click ENCODE. Copy the result, paste it in Command Prompt, and press Enter.
• Additionally, you must enter a Base64-encoded password. To generate a Base64-encoded password, open this website in a new tab, enter your password, and click ENCODE. Copy the result, paste it in Command Prompt, and press Enter.

• Now, to send an email, type the sender's email address in Command Prompt as shown below and press Enter.

  MAIL FROM:<your_name@yourdomain.com>

• Next, type in the recipient's email address as shown below and press Enter.

  RCPT TO:<recipient@recipientdomain.com>

• To pass the subject header and the body, type DATA and press Enter.
• Type Subject: Test and press Enter.
• Because a blank line is needed between the subject and the message, press Enter again.
• Type your test message and press Enter. If you are ready to send the email, type the period symbol (.) and press Enter.
• Wait for a few minutes. You should receive a confirmation ("250 OK") at the end if the email was sent successfully. Then, type QUIT and press Enter to close the connection.

Steps to test the connection using a Java client

• Download the TestMail.zip file and extract it to <ADAudit Plus_Installation directory>\SMTPTest.

• Now, open Command Prompt as an administrator, navigate to <ADAudit Plus_Installation directory>\SMTPTest, and run the following command:

  java -cp "<ADAudit Plus_Installation directory>\lib\Mail-1.4.4.jar;." TestMail

• When this command executes successfully, you will be prompted to enter the following details:

  Server Name/IP	Enter your email server name.
  Port	Enter the port used by your email server.
  Secure Connection (SSL/TLS)	Specify which connection you want to use.
  From Mail	Enter the sender's email address.
  Password	Enter the password.
  To Mail	Enter the recipient's email address.
  Subject	Enter the subject.
  Message	Enter your message.

  Once you specify the details above, you will receive the "250 2.0.0 OK" confirmation if the email was sent successfully.

If you are unable to send the email, the issue is likely in the email server. Please check if your email server settings are configured correctly. If you are able to send the email successfully, but the exception persists, contact support@adauditplus.com to resolve the problem.