Java邮件TLS身份验证 [英] Java mail TLS authentcation
问题描述
我试图了解Java Mail API和TLS的基础知识.我有以下情况:
I am trying to get a grasp on the fundamentals of Java Mail API and TLS. I have the following scenario:
有一个使用TLS&SSL.如果我使用某些客户端登录到此服务器,则可以毫无问题地发送经过身份验证和验证的电子邮件.
There is an STMP server that uses TLS & SSL. If I log on to this server with some client, I can send authenticated &verified e-mails without any problems.
然后,我尝试在另一台计算机上运行Web服务器,该计算机使用前面提到的SMTP服务器发送邮件.我仍然想发送TLS&SSL电子邮件,但是,无论我如何配置启动属性,都会收到以下众所周知的错误:
Then I try to run a web server on a different machine, that sends mail using the previously mentioned SMTP server. I still want to send TLS & SSL emails, however no matter how I configure the startup properties I get the following well known error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
我发现很多人都有类似的问题,但是我的问题是:
I found a lot of people having similar issues, however my question is this:
考虑先前描述的情况,我是否必须获得某种形式的证书到Web服务器(可能在JRE中的某处),还是应该正常工作,因为邮件服务器已经具有该证书了?身份验证机制正在运行.不能仅使用SMTP服务器的证书吗?无论如何,如果我必须将证书安装到使用STMP服务器的计算机上,如何获得该证书?
Considering the previuosly described scenario, do I have to get some kind of certificate to the web server (possible somewhere in the JRE), or should it just work fine since the mail server already has that certificate & authentication mechanizm running. Shouldn't it be possible to just use the certificate of the SMTP server? Anyway, if I have to install the certificate to the machine that uses the STMP server how can I get that certificate?
我对JavaMail API还是很陌生,我看过很多关于此的文章,但找不到答案Black&.我的问题是白色的.
I'm pretty new to JavaMail API and I have seen lots of articles about this but I could not find the answer black & white for my question.
推荐答案
您的客户端(在您的情况下,就是在网络服务器上运行的客户端)需要验证邮件服务器的SSL证书.看来您的Java Truststore不包含该证书.
Your client (that is in your case the one running on the webserver) needs to verify the SSL certificate of the mail server. It seems that your java truststore doesn't contain that certificate.
因此,您需要将该证书放入JRE的默认信任库中(我不建议这样做),或者为您的应用程序定义其他信任库(当然需要包含邮件服务器证书).为此,请设置以下VM参数: Djavax.net.ssl.trustStore =< path-to-truststore>
So you either need to put that certificate into the default truststore of your JRE (what I wouldn't recommend) or define a different truststore for your application (that of course needs to contain the mail servers certificate). To do that set this VM parameter: Djavax.net.ssl.trustStore=<path-to-truststore>
啊,我错过了您的问题的一部分.要获取邮件服务器的证书,请使用openssl之类的东西.参见例如: https://serverfault.com/questions/139728/how-to-从一个网站下载SSL证书
Ah I missed some part of your question. To get the certificate of the mail server use something like openssl. See for example: https://serverfault.com/questions/139728/how-to-download-ssl-certificate-from-a-website
这篇关于Java邮件TLS身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
