You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@nifi.apache.org by Luis Carmona <lc...@openpartner.cl> on 2020/05/06 03:42:06 UTC

ConsumeIMAP certificates issue

Hi guys,

I have a project that needs to receive the mails flow from an Imap
server.

If I try to read from port 993, get the error:

sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

If I try to read from port 143, get the error:

Unrecognized SSL message, plaintext connection



As my mail server accepts only secure login, I presume it is claiming
about the corresponding certificate.

The question is how to configure from where it has to read the
certificate ?


Thanks in advance.

Regards,

LC

Re: ConsumeIMAP certificates issue

Posted by Andy LoPresto <al...@apache.org>.

Since the ConsumeIMAP processor does not expose an SSLContextService controller service to allow you to configure a custom truststore, it looks like the certificate verification is done internally in the underlying Spring library. I would try adding the public certificate of the IMAP server to the following truststores, one at a time, in this order: 

1. JRE cacerts (copy the actual cacerts and ensure you have a backup before you start modifying it)
2. The NiFi truststore configured in nifi.properties

Andy LoPresto
alopresto@apache.org
alopresto.apache@gmail.com
He/Him
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

> On May 5, 2020, at 8:42 PM, Luis Carmona <lc...@openpartner.cl> wrote:
> 
> Hi guys,
> 
> I have a project that needs to receive the mails flow from an Imap
> server.
> 
> If I try to read from port 993, get the error:
> 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> 
> If I try to read from port 143, get the error:
> 
> Unrecognized SSL message, plaintext connection
> 
> 
> 
> As my mail server accepts only secure login, I presume it is claiming
> about the corresponding certificate.
> 
> The question is how to configure from where it has to read the
> certificate ?
> 
> 
> Thanks in advance.
> 
> Regards,
> 
> LC
> 
> 
> 
>