在启用StartTLS选项的情况下从Keycloak发送电子邮件时出错
在启用StartTLS选项的情况下从Keycloak发送电子邮件时出错
提问于 2020-12-11 23:03:11
Keycloak通过helm chart在Kubernetes中运行。禁用SSL并启用StartTLS (这是我们的邮件服务器请求)时,会出现以下错误:
14:26:54,545 ERROR [stderr] (default task-8) ... 84 more
14:26:54,545 ERROR [stderr] (default task-8) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
14:26:54,545 ERROR [stderr] (default task-8) at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
14:26:54,545 ERROR [stderr] (default task-8) at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
14:26:54,545 ERROR [stderr] (default task-8) at java.base/sun.security.validator.Validator.validate(Validator.java:264)
14:26:54,545 ERROR [stderr] (default task-8) at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
14:26:54,545 ERROR [stderr] (default task-8) at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
14:26:54,545 ERROR [stderr] (default task-8) at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
14:26:54,545 ERROR [stderr] (default task-8) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629)
14:26:54,545 ERROR [stderr] (default task-8) ... 98 more
14:26:54,545 ERROR [stderr] (default task-8) Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
14:26:54,546 ERROR [stderr] (default task-8) at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
14:26:54,546 ERROR [stderr] (default task-8) at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
14:26:54,546 ERROR [stderr] (default task-8) at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
14:26:54,546 ERROR [stderr] (default task-8) at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
14:26:54,546 ERROR [stderr] (default task-8) ... 104 more
14:26:54,547 ERROR [org.keycloak.services.resources.admin.RealmAdminResource] (default task-8) Failed to send email
javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target回答 1
Stack Overflow用户
发布于 2020-12-12 04:02:59
最可能的原因是,Java虚拟机(JVM)不信任您的邮件服务器证书(可能是自签名的?)
解决方案可以是手动创建包含此证书的信任库
查看有关创建填充信任库的多个答案,例如How to import a .cer certificate into a java keystore?
这个密钥库现在需要挂载到密钥罩容器中,并作为JAVA_OPTS参数传递给JVM。
-Djavax.net.ssl.trustStore=/loc/in/container/truststore.jks
-Djavax.net.ssl.trustStorePassword=changeit根据您使用的舵图,解决方案会有所不同。例如,使用Codecentric-Keycloak Chart,您可以在此处设置https://github.com/codecentric/helm-charts/tree/master/charts/keycloak#jvm-settings设置,并在extraVolumeMounts/extraVolumes的帮助下挂载密钥库
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/65253726
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号