Skip to main content

POP3Store and custom truststore

  4 posts   Feedicon  
Replies: 3 - Last Post: November 21, 2012 11:29
by: jessejames
showing 1 - 4 of 4
Posted: November 20, 2012 13:42 by jessejames
I'm connecting to a pop3 server via SSL and the server does not necessarily have a trusted certificate (Internal PKI). I want to give the user the possibility to supply a custom trust store to my app that contains the certificates to trust. How can I make the POP3Store to use this truststore ?

I do not want to affect other processes running the in the JVM so only this one connection should use the truststore.

I tried providing a SSLSocketFactory to the connection but it still doesn't work:

 private SSLSocketFactory createSSLTestConfig()  {

        SSLSocketFactory sf = null;
        try {

            KeyStore trustStore = KeyStore.getInstance("JKS");

            trustStore.load(new FileInputStream("truststore.jks"), "password".toCharArray());

            // Set up key manager factory to use our key store
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(trustStore, "password".toCharArray());

            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");

            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustManagers, null);

            sf = sslContext.getSocketFactory();

        } catch (Exception e) {
            POP3Client.log.error("Could not initial SSL:" + e.getMessage());
        return sf;

Then I set the SSLSocketFactory as explained here:

Properties properties = new Properties();
properties.put("", host);
properties.put("mail.pop3s.port", port);
properties.put("mail.pop3.ssl.socketFactory", createSSLTestConfig());

Session    emailSession = Session.getDefaultInstance(properties);

pop3Store = (POP3Store) emailSession.getStore("pop3s");

but I get the ssl exception
> PKIX path building failed:

My truststore.jks contains the self signed certificate of the server.

what am I doing wrong?

Posted: November 20, 2012 13:54 by jessejames
ok, the problem is that I forgot the "s" in "mail.pop3s...." while setting the properties:

properties.put("mail.pop3s.ssl.socketFactory", createSSLTestConfig());
Posted: November 20, 2012 21:56 by Bill Shannon
You might also find the MailSSLSocketFactory included in JavaMail useful.
Posted: November 21, 2012 11:29 by jessejames
ok, thanks shannon.
Replies: 3 - Last Post: November 21, 2012 11:29
by: jessejames
Please Confirm