I'm using smtp.gmail.com:465 as the mail server for ColdFusion. I used the command openssl s_client -connect smtp.gmail.com:465 to get its cert and import it into its Java truststore.
It works perfectly for a while with no issues. Then after a random number of weeks it stops working and it gives this error:
javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
It works after grabbing the cert and importing it again.
It gets annoying that I have to keep doing this.
Anyone know what might be causing the issue and a solution if possible?
After some digging, I realized that the Java truststore (cacert) was missing all root CA certs including gmail's root CA. I found a list of common root CA certs including gmail's and imported them into the truststore.
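
An added example, not part of the original post: a small Java program that checks for the condition described above by listing each trusted certificate in a truststore as a CA or a leaf, with its remaining validity. The truststore path (taken from java.home unless given as the first argument) and the default password "changeit" are assumptions; the JVM that ColdFusion runs on may keep its truststore elsewhere.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.concurrent.TimeUnit;

// Added example: report whether a Java truststore holds CA certificates
// or only individually imported server (leaf) certificates.
public class TrustStoreAudit {
    public static void main(String[] args) throws Exception {
        // Assumptions: default truststore path and default password "changeit".
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }

        int cas = 0, leaves = 0;
        long now = System.currentTimeMillis();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!ks.isCertificateEntry(alias) || !(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            // basicConstraints is -1 for non-CA certificates. Old X.509 v1 roots
            // carry no extensions, so a self-signed certificate also counts as a CA here.
            boolean selfSigned = x.getSubjectX500Principal().equals(x.getIssuerX500Principal());
            boolean isCa = x.getBasicConstraints() != -1 || selfSigned;
            if (isCa) cas++; else leaves++;
            long days = TimeUnit.MILLISECONDS.toDays(x.getNotAfter().getTime() - now);
            System.out.printf("%-5s %-30s expires in %5d days  %s%n",
                    isCa ? "CA" : "LEAF", alias, days, x.getSubjectX500Principal().getName());
        }

        System.out.printf("%d CA certificate(s), %d leaf certificate(s)%n", cas, leaves);
        if (cas == 0) {
            // With no CA trusted, validation succeeds only while the server presents
            // exactly a certificate that was imported; a reissued one fails PKIX path building.
            System.out.println("WARNING: no CA certificates; only pinned leaf certificates are trusted.");
        }
    }
}
```

Compile with javac TrustStoreAudit.java and run it against the truststore the mail-sending JVM actually loads, passing the path and password as arguments if they differ from the defaults.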