AACC - CCMM SSL email

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • jacks196
    Whiz
    • Oct 2014
    • 44
    #1

    AACC - CCMM SSL email

    Some months ago we implemented SSL security on email between our CCMM server and MS Exchange which all worked fine (eventually). We have renewed the SSL certificate chain on Exchange and now need to update the certificates on CCMM, I have followed the original procedure but CCMM is unable to poll the mailboxes in Exchange.

    Looking in the CCMM_EmailManager_1.log file I see the below error for each mailbox... I'm out of ideas and have wasted a full day without any success.... anybody any thoughts?



    2016-01-19 14:48:32.924 +0000 EmailManager:HAL 10520:23 7121 Minor None An exception was caught trying to connect to host: [HOSTNAME.DOMAIN.CO.UK], Inbox: [NAME OF MAILBOX]
    javax.mail.MessagingException: Connect failed;
    nested exception is:
    javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.mail.pop3.POP3Store.protocolConnect(POP3St ore.java:148)
    at javax.mail.Service.connect(Service.java:275)
    at com.nortel.applications.ccmm.mail.hostaccess.servi ces.MailStore.performOpen(MailStore.java:413)
    at com.nortel.applications.ccmm.mail.hostaccess.servi ces.MailStore.open(MailStore.java:297)
    at com.nortel.applications.ccmm.mail.hostaccess.threa dpool.WorkerThread.executeRetrieve(WorkerThread.ja va:209)
    at com.nortel.applications.ccmm.mail.hostaccess.threa dpool.WorkerThread.executeRequest(WorkerThread.jav a:167)
    at com.nortel.applications.ccmm.mail.hostaccess.threa dpool.WorkerThread.run(WorkerThread.java:115)
    Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.InputRecord.handleUnk nownRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(Unkn own Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDat aRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(U nknown Source)
    at java.io.BufferedInputStream.fill(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at java.io.DataInputStream.readLine(Unknown Source)
    at com.sun.mail.pop3.Protocol.simpleCommand(Protocol. java:347)
    at com.sun.mail.pop3.Protocol.<init>(Protocol.java:91 )
    at com.sun.mail.pop3.POP3Store.getPort(POP3Store.java :201)
    at com.sun.mail.pop3.POP3Store.protocolConnect(POP3St ore.java:144)
    ... 6 more
    Tags: None
  • vikramsg
    Whiz
    .
    • Apr 2011
    • 30
    #2
    This looks more like a Certificate issue.

    may be you should manually remote the certificate reference from the Java certificate store on CCMM and try to re-install the Certificates.

    You can use the keytool command. below is a sample of the command:

    keytool -v -importcert -alias "Alias Name" -file Ngcert.cer -keystore "C:\Program Files\Java\jre6\lib\security\cacerts”

    keytool -v -importcert -alias "Alias Name" -file Ngcert.cer -keystore "C:\Program Files (x86)\Java\jre6\lib\security\cacerts"


    This should fix the issue.


    Regards,
    Vikram SG.
    Regards,
    Vikram SG

    Comment

    • jacks196
      Whiz
      • Oct 2014
      • 44
      #3
      Thanks for the feedback Vikram...

      I've done as suggested but unfortunately I'm still unable to connect to Exchange..

      I've deleted the existing certificate from the Java cacerts keystore for both 32 & 64 bit Java installs, I've installed the new certificate in the chain individually in both 32 & 64-bit Java installs and verified they are installed correctly, I've changed the server configuration within AACC CCMM Administration to try both SSL and TLS protocols but still no joy.. I've been restarting the CCMM EmailManager service whenever making any changes...

      I'm at a loss now, I've spent 2 days trying to sort this out & am no further forward!

      Any further suggestions would be hugely appreciated.

      Thanks,

      Ashley

      Comment

      • jacks196
        Whiz
        • Oct 2014
        • 44
        #4
        .....I may have found the cause - we are using POP3 and apparently MS Exchange POP3 only supports TLS 1.0 - the new certificate we are using is SHA256, we do not believe a SHA256 certificate is compatible with TLS 1.0, the previous certificate was SHA1. We are going to generate a new SHA1 certificate which will hopefully resolve the issue.

        Comment

        • wellington35
          Whiz
          • Jul 2012
          • 44
          #5
          Thanks for sharing your solution!
          Wellington Paez
          Senior Convergence Specialist @ Carousel Industries
          http://wellingtonpaez.com

          Comment

          Previous template Next
          Loading