TIPS Use cfmail with SSL authentication

More and more mail servers requires SSL authentication to send emails. Usually you send mail like <cfmail server="smtp.server.com" usessl="true" port="465" ...>. You may need to add a mail server certificate into Railo JRE environment to avoid connection errors like this one: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

1. Add certificate to Railo itself. Go to Railo Server Administrator -> Services -> SSL certificates Host: smtp.server.com - for example Port: 465 Click List, then Install.

2. Fetch and Install certificate into JRE environment (path to Railo JRE, for example /opt/railo/jdk/) fetch on Linux: openssl s_client -connect smtp.server.com:465 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /opt/smtp-mail-public.crt fetch on Windows (or get certificate and save to local file without command line): openssl s_client -connect smtp.server.com:465 < NUL | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > C:/smtp-mail-public.crt

Now we have a certificate file. Install with a JRE keytool: /opt/railo/jdk/jre/bin/keytool -import -alias smtp.server.com -keystore /opt/railo/jdk/jre/lib/security/cacerts -file /opt/smtp-mail-public.crt The default prompted password for keystore is changeit

3. Restart Railo to apply changes. <cfmail server="smtp.server.com" usessl="true" port="465" ...> should work now.

Do not forget to repeat steps 2) and 3) if you decide to upgrade JRE version by replacing JRE folder.