Summary

This PhenixID Solution Document (PSD) is written for PhenixID Automatic Account Manager 3.7.

This PSD describes changes in the way SMTP is used in newer versions of JAVA.

The reader of this PSD should have some basic knowledge about PhenixID Automatic Account Manager.

System Requirements

• PhenixID Automatic Account Manager 3.7 installed.

Overview

Recent changes in the JavaMail API has changed certain authentication defaults and will sometimes create an authentication error with some SMTP Server environments, dependending on the configuration.

Instruction

We will make changes to the file cacerts located in <PhenixID AAM installationdirectory>/jre/lib/security, so please make a backup of this file before going any further.

If TLS is not enabled on the SMTP connection in AAMStudio you might see the following in the log:
No authentication mechansims supported by both server and client

So TLS should now be used for the connection.

If the SMTP server presents a self signed certificate, where the CA is not known the following can be seen in the log file when trying the connection using TLS:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In this scenario, we need to import the certificate into the cacaerts that AAM uses.

A good way to see the certificate is to use the following command:
openssl s_client -connect smtpserverip:smtpserverport (192.168.0.12:25) -starttls smtp

Then export the certificate, and import it into cacerts using the following command:
keytool -keystore <aaminstallationdir>/jre/lib/security/cacerts -importcert -alias smtpserveralias -file exportedcertificatefile.cer.

Default password for cacerts is changeit.