Support Center > Search Results > SecureKnowledge Details
"Unable to find valid certification path to requested target" error in SmartEndpoint when checking connectivity with Email Server Technical Level
Symptoms
  • In SmartEndpoint, go to "Manage" menu - click on "Email Server Settings" - select "Configure settings" - enter the required information - click on "Check Connectivity" - operation fails with:

    SMTP Error: Could not convert socket to TLS
    Unable to find valid certification path to requested target
    
  • $UEPMDIR/logs/server_messages.log on Endpoint Security Server shows the following error:

    [YYYY-MM-DD HH:MM:SS,NNN] ERROR Dispatcher-Thread-4 - Failed to send Alert email notification. (root)
    com.checkpoint.uepm.UEPMException: Failed to send Alert email notification.
    	at com.checkpoint.uepm.emon.dal.util.EmailNotificationHandler.processEvent(EmailNotificationHandler.java:68)
    	at com.checkpoint.uepm.sys.util.HandlerQueue$Worker.run(HandlerQueue.java:128)
    Caused by: com.checkpoint.util.mail.MailMessageFailedException: javax.mail.MessagingException: Could not convert socket to TLS;
      nested exception is:
    	javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    
Cause

SmartEndpoint / Endpoint Security Server does not recognize the CA (Certificate Authority) that signed the certificate used on the SMTP Email Server (e.g., this is a self-signed certificate).


Solution
Example:
If you e-mail server hostname is exchangehost.domain.com
Search for a certificate according to sk84680 where:
ISSUER:
   CN=EXCHANGEHOST
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment