Sending mail using javamail api from IBM Websphere Application Server 8 - spring-mvc

How do I send mail using Gmail from IBM WebSphere Application Server 8 using the JavaMail 1.5.2 API? It gives me the same error:
Caused by: java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error

You need to import Google certificate into the WebSphere's trust store.
WebSphere does not trust the certificate. You are trying to send an email to a server that uses SSL.
The easiest way is to use Retrieve from port.
You can find info here: http://www-01.ibm.com/support/knowledgecenter/SS7JFU_8.5.5/com.ibm.websphere.express.doc/ae/usec_sslretrievesignercert.html
Have you used correct values for retrieving?
Host: smtp.gmail.com
Port: 465
Alias: gmail


API Management 2018.1 and DataPower 7.7

I am trying to add DataPower 7.7 into API Management 2018.1.
I need to configure API Connect Gateway Service in DataPower (new APIC 2018.1 doesn't work with XML Management Service).
After configuration I got an error:
8:07:19 mgmt notice 959 0x00350015 apic-gw-service (default):
Operational state down
8:07:19 apic-gw-service error 959 0x88e00001 apic-gw-service
(default): Unexpected queue error: Domain check failed! Please ensure that
the 'default' domain exists and is enabled. Also, please verify that the API
Gateway Service is configured with the correct domain and SOMA credentials.
8:07:19 apic-gw-service error 959 0x88e000a0 apic-gw-service
(default): Failed to initialize gateway environment: datapower
DP version is 7.7.
Please suggest, if you have any information or manuals.
Note: Domain exists, main services are enabled
It's hard to tell what exactly the problem is based on the log messages shown above.
Update to original answer:
See also the documentation that is now available in the IBM API Connect Knowledge Center: https://www.ibm.com/support/knowledgecenter/SSMNED_2018/com.ibm.apic.install.doc/tapic_install_datapower_gateway.html
However, here are the basic steps for configuring a DataPower gateway to work with API Connect 2018.x.
You will need to ensure:
- DataPower is running DP 7.7.0.0 or higher.
- You have the AppOpt license installed. (Use the “show license” command in the DataPower CLI to confirm.)
- You have a shared certificate and a private key for securing the communication between the API Connect management server and the gateway.
On DataPower, you need to:
- Create an application domain. All of the subsequent configuration should be done in the application domain.
- Enable statistics.
- Upload your private key and shared certificate to the cert:// directory in the application domain.
- Create a crypto key object, a crypto certificate and a crypto identification credentials object using your key and certificate.
- Create an SSL client profile and an SSL server profile that reference the crypto identification credential object.
- Configure a gateway-peering object.
- Configure and enable the API Connect Gateway Service in the application domain.
At that point, you should be able to configure the gateway in the API Connect cloud manager.
Here are the DataPower CLI commands to create a basic configuration. In the configuration below, IP address 1.1.1.1 represents a local IP address on your DataPower appliance. Traffic from the API Connect management server to the gateway will be sent to port 3000. API requests will go to port 9443 (but you can change it to the more standard port, 443, if you prefer.)
For a production environment, you will want to build on this configuration to ensure you are running with at least 3 gateways in the peer group, but this will get you started.
Create the application domain called apiconnect
top; configure terminal;
domain apiconnect; visible default; exit;
write mem
Use the Web GUI to upload your private key and shared certificate to the cert:// folder in the apiconnect domain
Then run these commands to create the configuration in the apiconnect domain
switch apiconnect
statistics
crypto
key gw_to_apic cert:///your-privkey.cer
certificate gw_to_apic cert:///your-sscert.cer
idcred gw_to_apic gw_to_apic gw_to_apic
ssl-client gwd_to_mgmt
idcred gw_to_apic
no validate-server-cert
exit
ssl-server gwd_to_mgmt
idcred gw_to_apic
no request-client-auth
validate-client-cert off
exit
exit
gateway-peering apic
admin-state enabled
local-address 1.1.1.1
local-port 15379
monitor-port 25379
priority 100
enable-ssl off
enable-peer-group off
persistence local
exit
apic-gw-service
admin-state enabled
local-address 0.0.0.0
local-port 3000
api-gw-address 0.0.0.0
api-gw-port 9443
v5-compatibility-mode on
gateway-peering apic
ssl-server gwd_to_mgmt
ssl-client gwd_to_mgmt
exit
write mem
The problem you are seeing is an issue with creating your api connect service in the default domain. To work around just put your Api Gateway Service in a domain other than default.

STARTTLS error when sending alerts from Cloudera manager

I'm trying to adjust alerts using Cloudera's Alert publisher (v. 5.14). Here are my alert publisher's settings from Cloudera's UI:
- Enable Email Alerts: true
- Mail Server Protocol: smtp
- Mail Server Hostname: smtp.gmail.com
- Mail Server Username: sender#hadoop-cluster.org
- Mail From Address: sender#hadoop-cluster.org
- Mail Message Recipients: recipient#gmail.com
- Mail Server TCP Port: 587
All other configs I left at their defaults. The sender's and recipient's emails were obfuscated in this snippet, but I can say that "hadoop-cluster.org" is a domain which has a GSuite record, so the SMTP configs of hadoop-cluster.org should be similar to the GMail configs.
When I applied these settings and restarted the Cloudera management service, I tried to send a test alert. In the alert publisher's logs I'm catching the following exception:
com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.0 Must issue a STARTTLS command first. p10*****.47 - gsmtp
at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:1829)
at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1368)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:886)
at org.springframework.mail.javamail.JavaMailSenderImpl.doSend(JavaMailSenderImpl.java:416)
at org.springframework.mail.javamail.JavaMailSenderImpl.send(JavaMailSenderImpl.java:340)
at org.springframework.mail.javamail.JavaMailSenderImpl.send(JavaMailSenderImpl.java:355)
at org.springframework.mail.javamail.JavaMailSenderImpl.send(JavaMailSenderImpl.java:344)
at org.apache.camel.component.mail.MailProducer.process(MailProducer.java:44)
at org.apache.camel.impl.converter.AsyncProcessorTypeConverter$ProcessorToAsyncProcessorBridge.process(AsyncProcessorTypeConverter.java:50)
What am I doing wrong? I've searched for the answer on Cloudera's community forums but didn't find any useful advice.
Must issue a STARTTLS command
Enable TLS security by configuring Mail Server Protocol: smtps
Restart cloudera management service and trigger a test email. Don't need to explicitly specify tls port. It will use port 587 by default.
https://developers.google.com/gmail/imap/imap-smtp

Does BizTalk WCF-BasicHttp adapter actually verify the service certificate?

I have a WCF-BasicHTTP send port configured as follows:
Security tab, Security mode: Transport;
Transport client credential type: Certificate;
Client certificate: (thumbprint of our client cert);
Service certificate: (thumbprint of the service's public key cert).
General tab, Endpoint Identity: everything is left blank.
There is a send pipeline component that substitutes alternative endpoint addresses depending on the interaction type (all endpoints share the same base URL).
Recently, our trading partner has renewed their server certificate, and failed to notify us in advance. The send port continues working (good). However, the behaviour leads me to believe that even though BizTalk forced me to specify some service certificate thumbprint, the adapter then does not actually verify the service certificate thumbprint against what's set in the binding. I can't figure out if this is a bug or by design?

Alfresco Mobile: Kerberos and iOS login: java.io.IOException: ASN.1 type 0x3a decode not supported

In my Alfresco installation (5.0.d Community), I have the following authentication chain:
authentication.chain=kerberos1:kerberos,ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
I can login with any desktop browser as well as with the Alfresco mobile app for Android just fine, both on port 8080 (http) and port 443 (https).
But when I try to login with iPhone or iPad, I am getting the following error message in the log (both http and https):
[org.alfresco.web.app.servlet.KerberosAuthenticationFilter]
[http-bio-443-exec-13] java.io.IOException: ASN.1 type 0x3a decode not supported
[org.alfresco.web.app.servlet.KerberosAuthenticationFilter]
[http-bio-8080-exec-6] java.io.IOException: ASN.1 type 0x3a decode not supported
Does anybody have an idea what the problem is here or how to fix it?
There are several candidates as root cause.
I assume you have enabled sso? Alfresco doesn't support fallback to basic auth on several protocols (yet) if SSO is enabled: https://issues.alfresco.com/jira/browse/ACE-2678
As for now you need to set kerberos.authentication.sso.enabled=false
to get iOS running.
Additionally you need to set the proxy parameters in the tomcat connector or configure a RemoteIpValve if tomcat is not your endpoint.
If connecting through https, iOS requires trusted SSL certs. The easiest way to accomplish that is to use nginx or apache as a reverse proxy.

BizTalk Server 2010 Error Routing through SMTP send port

I have got a simple BizTalk Application in which there is only one schema and pipeline. I have simply added an XML Validator in the validate stage of the pipeline. I have deployed this app in BizTalk Server 2010.
Now I have created a receive location which takes an XML file, and set its receive pipeline to the one I have created. I have also marked "Enable routing for failed messages" in the receive port.
I have also created an SMTP send port and configured it with the mail server name etc.
The receive port is working fine but the send port is unable to send emails.
When I check "Track Service Instance" it shows an error "Transport failed to connect to the server".
Update: I am using Gmail SMTP server name in order to send e-mails and I am getting the error "The server rejected the sender address. The server response was: 530 5.7.0 Must issue a STARTTLS command first. ye1sm22267001pab.19 - gsmtp"
Where could the problem be? Any help will be appreciated.
With that error in your update the problem is clear.
The Gmail server is expecting an SSL connection.
See SMTP TLS problem
The standard SMTP adapter does not support SSL/TLS connections.
You will need to write a custom adapter or purchase a third party
adapter to support SSL connections
http://www.nsoftware.com/products/biztalk/adapters/emails.aspx
Greg.Forsythe
EDIT: An alternative is to connect to a local SMTP server that doesn't require SSL/TLS and let it route the e-mails.
Are you running 32 bit or 64 bit? Is your tracking host in 32 bit or 64 bit? MIME/SMIME encoder pipeline can't run in 64 bit mode... are you using that?
http://msdn.microsoft.com/en-us/library/gg634591.aspx
"Transport failed to connect to the server"
This error message basically means the BizTalk SMTP adapter is unable to connect to the SMTP server or the server does not allow to send the e-mail.
Try connecting to the SMTP server with the telnet client (you may need to install this as an additional feature) or by configuring the proxy (available on the SMTP adapter and adapter defaults).
It might also be the case that you need to authenticate towards the SMTP server.
Also, some SMTP servers do not allow to send an e-mail from an unknown domain like "someone#notthenameofthecompany.com".
Hope this helps.
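
A scripted version of the telnet check suggested above, covering the "530 5.7.0 Must issue a STARTTLS command first" reply seen in both the Cloudera and BizTalk threads. This is an added example, not part of any of the original posts; `tls_mode`, `is_starttls_required_error` and `probe` are hypothetical helper names, and it assumes the two ports mentioned on this page (465 for TLS from the first byte, 587 for a plaintext greeting upgraded with STARTTLS).

```python
import smtplib
import ssl

# Ports mentioned on this page (assumed roles for this example).
IMPLICIT_TLS_PORT = 465   # TLS handshake happens before any SMTP command
STARTTLS_PORT = 587       # plaintext greeting, then upgrade via STARTTLS


def tls_mode(port, ehlo_extensions):
    """Decide how a client must secure the session.

    ehlo_extensions: lower-cased extension names from the server's EHLO reply
    (ignored for implicit TLS, where EHLO is only sent after the handshake).
    """
    if port == IMPLICIT_TLS_PORT:
        return "implicit"
    if "starttls" in ehlo_extensions:
        return "starttls"
    return "refuse"   # never fall back to sending credentials in cleartext


def is_starttls_required_error(code, text):
    """True for the reply quoted in both threads (530 ... STARTTLS ...)."""
    if isinstance(text, bytes):
        text = text.decode(errors="replace")
    return code == 530 and "starttls" in text.lower()


def probe(host, port=STARTTLS_PORT, timeout=10):
    """Connect, secure the session with certificate checks, return a summary."""
    ctx = ssl.create_default_context()   # verifies the chain and the hostname
    if port == IMPLICIT_TLS_PORT:
        conn = smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
        conn.ehlo()
        mode = "implicit"
    else:
        conn = smtplib.SMTP(host, port, timeout=timeout)
        conn.ehlo()
        mode = tls_mode(port, set(conn.esmtp_features))  # keys are lower-case
        if mode == "refuse":
            conn.close()
            raise RuntimeError("no STARTTLS offered on port %d" % port)
        conn.starttls(context=ctx)
        conn.ehlo()   # capabilities must be re-read after the upgrade
    with conn:        # sends QUIT on exit
        return {"mode": mode, "tls": conn.sock.version(),
                "auth": conn.esmtp_features.get("auth", "").split()}
```

Calling `probe("smtp.gmail.com", 587)` from the host that runs the mail client shows whether the TLS upgrade and certificate validation succeed from that machine, independently of the application server's own trust store.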
