Issue
G3 station will not email alarms to intended recipients. Getting “java.security.cert.CertificateException: failed certificate validation” error in the station Application Director window.
The error reads:
mail.MessagingException: Could not connect to SMTP host: outbound.att.net,
port: 465;
nested exception is:
javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: failed certificate validation,
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1972)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:642)
at javax.mail.Service.connect(Service.java:317)
at javax.mail.Service.connect(Service.java:176)
at javax.mail.Service.connect(Service.java:125)
at javax.baja.email.BOutgoingAccount.pollQueue(BOutgoingAccount.java:769)
at javax.baja.email.BOutgoingAccount.poll(BOutgoingAccount.java:715)
at javax.baja.email.BEmailAccount.doPoll(BEmailAccount.java:567)
at javax.baja.email.BEmailAccount.access$0(BEmailAccount.java:36)
at javax.baja.email.BEmailAccount$Poller.run(BEmailAccount.java:617)
Caused by: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: failed certificate validation,
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at com.tridium.crypto.core.io.CryptoCoreClientSocketFactory$NSSLSocket.startHandshake(CryptoCoreClientSocketFactory.java:334)
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:548)
at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:352)
at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:207)
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1938)
Environment
Niagara G3 3.8.37, ENS, ENC
Cause
The security certificate for the SMTP server has not been accepted/approved. This error was seen when attempting to connect to the outbound.att.net SMTP server. It may apply to other SMTP server as well.
Resolution
Check to see if there’s a certificate for the mail server and if it has been approved.
- Open the station’s Platform and select ‘Certificate Management’.
- Select the Allowed Hosts tab.
- Look for host named ‘outbound.att.net’ (it’s probably has not been approved)
- Right-click on it and select ‘Approve’
- Select ‘Yes’ for the messages ‘Are you sure you want to approve the selected exemption(s)?’
To send or clear queued emails:
- Double-click on the station’s ‘EmailService’
- Right-click on the OutgoingAccount and select ‘Actions’ and then ‘Send’ or ‘Clear Alarms’
If it was a certificate issue, you should now be able to send emails to the SMTP server.
