How to configure trustStore for javax.net.ssl.trustStore on windows?

Question

I\'m trying to pull messages from an email server in java using imap and i run into this exception:

DEBUG: JavaMail version 1.4.2
DEBUG: successfully loaded          


        

Answer 1

Actually all you need to do is use Windows-ROOT as trustStoreType. This will use built-in certificates so if anything works in your browser then it should work.

1. Add to VM options:
   • -Djavax.net.ssl.trustStoreType=Windows-ROOT
   • -Djavax.net.ssl.trustStore=C:\\Windows\\win.ini
2. Restart the server.

Note! Probably any readable file can be used as a trustStore path. It's not really used.

You can also use Windows-MY instead so:

-Djavax.net.ssl.trustStoreType=Windows-MY

See also: https://github.com/gradle/gradle/issues/6584#issuecomment-431862413.

Answer 2

The error is that java can't find a certificate to invoke the server in your keystore.

You are using the default keystore from java. Make sure that you put the server certificate in it.

Or you can create your keystore. Use the standard Java keytool, for example:

keytool -genkey -dname "cn=CLIENT" -alias truststorekey -keyalg RSA -keystore ./client-truststore.jks -keypass whatever -storepass whatever
keytool -import -keystore ./client-truststore.jks -file servercert.crt -alias myca

Answer 3

You should first check what certificate server is sending you.To do it:

1. Turn on ssl debug: -Djavax.net.debug=all
2. Find the following lines in log: *** Certificate chain ...
3. Find who the issuer of certificate
4. Add issuer certificate to some trust store (actually if you receive cert. chain you can add root certificate)
5. Rerun with -Djavax.net.ssl.trustStore=path/to/new/truststore and -Djava.net.ssl.trustStorePassword=...

BTW:

1. You don't need to explicitly specify java trust store
2. every setting of same system property overrides previous value
3. you have strange line: DEBUG: trying to connect to host "10.53.151.183", port 143, isSSL false