Email round trip monitor failures on checking for email, unable to find valid certification path to requested target

by Jul 26, 2016

Email round trip monitor failures on checking error text : sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

If you're getting this alert when you try to use the email round trip service monitor, located under the user experience category, it is because your POP/IMAP server is using SSL and the signing authority is not valid. It is likely using a self signed certificate. This can be fixed by adding the server's certificate to our JVM's keystore.

First, you need to save the server certificate. This can be done by going to the webmail of the email server, in the case of exchange, and adding it as an exception. Then you can view it and use the export feature. Save the crt file somewhere on the monitoring server preferably.

Second, open a command prompt as administrator (must be administrator!)

Third: Navigate to uptime/jre/bin

Fourth: execute the following command

keytool -import -keystore <path to uptime>jrelibsecuritycacerts -file <pathnameofcert.crt> -alias <hostname of mail server>

so it will look like so:

C:uptimejrebin>keytool -import -keystore c:uptimejrelibsecuritycacerts -file demo-exch2013.crt -alias demo-exch2013

It will ask for the keystore password which has been left to the default "changeit". Enter that…

It will show all the details of the cert and ask you if this operation is ok. If it is, type yes and hit enter.

Restart the uptime data collector and controller for good measure (my service monitor didn't work until I did this.)

That's it. Your email round trip test should now work as expected.