YouTrack fails to send email notifications using Amazon SES

Answered

 

Hi,

I am trying to set up YouTrack to send email notifications using Amazon SES but it fails with the following error:

 

Mail server connection failed; nested exception is javax.mail.MessagingException: Can't send command to SMTP host; nested exception is: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty. Failed messages: javax.mail.MessagingException: Can't send command to SMTP host; nested exception is: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

 

See screenshot of error and email settings below:

I have tried to send emails using a standalone program based on the java mail api which I deployed onto the server where youtrack is installed. There was nor error and all emails were correctly sent & received. The sample code is supplied by Amazon see http://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-using-smtp-java.html

On the internet, I found that the "InvalidAlgorithmParameterException / trustAnchors" issue seems to be caused by a missing or inaccessible truststore. 

For some reason, youtrack cannot access a truststore but my standalone program didn't run into this issue. So there must be a way to configure which truststore is used by youtrack.

 

I have also tested with gmail, and I faced the same issue.

 

Can you please help?

 

 

3 comments
Comment actions Permalink
Official comment

Hello Franck,

could you please upload the Amazon certificate into the Trusted Certificates in YouTrack? Let us know if it helps, thank you.

https://www.jetbrains.com/help/youtrack/incloud/7.0/SSL-Certificates.html#d108423e152

Comment actions Permalink

Hi

 

Actually i got it sorted just by stopping and restarting tomcat service.

I forgot to mention that it used to work and then for some reason it stopped working.

Restarting the service sorted it.

There was no need to add any certificate.

Can you confirm that adding a certificate in the list of trusted certificate in YouTack is not mandatory?

 

Franck

0
Comment actions Permalink

Hello Franck, it seems like your Tomcat has lost its JVM truststore, and then after restart this issue was fixed.

So it looks like your mail server certificate is actually signed by a well-known authority, and there is no need to add it to the YouTrack truststore.

0

Please sign in to leave a comment.