Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): v 2.13.0/Kubernetes/Firefox
Describe the issue:
We are not able to send mails via STARTTLS because the certificate is not found (unable to find valid certification path to requested target). I added the missing certificate to the cacerts keystore, and tried to send mails with another java program using the same libs. This works once the correct certificate is provided in the cacerts keystore. However it doesn’t from Opensearch:
I added the certificate by keytool -cacerts -import -file mycert.pem, which added the certificate to keystore $JAVA_HOME/lib/security/cacerts. What cacerts keystore is used by opensearch for mail sending?
Configuration:
Relevant Logs or Screenshots:
[2024-06-27T13:04:39,817][INFO ][o.o.n.c.c.DestinationSmtpClient] [pc-logging-master-0] EmailException javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: **unable to find valid certification path to requested target**
[2024-06-27T13:04:39,817][INFO ][o.o.n.s.SendMessageActionHelper] [pc-logging-master-0] notifications:sendMessage:statusCode=424, statusText=sendEmail Error, status:Could not convert socket to TLS
[2024-06-27T13:04:39,817][INFO ][o.o.n.s.SendMessageActionHelper] [pc-logging-master-0] notifications:CjspgI8BYWKGlDAc9PEH:statusCode=424, statusText=sendEmail Error, status:Could not convert socket to TLS
[2024-06-27T13:04:39,818][WARN ][o.o.n.a.PluginBaseAction ] [pc-logging-master-0] notifications:OpenSearchStatusException:
org.opensearch.OpenSearchStatusException: {"event_status_list": [{"config_id":"JOKROpABG9lzXzS8Ztip","config_type":"email","config_name":"stephan","email_recipient_status":[{"recipient":"stephan.name@example.com","delivery_status":{"status_code":"424","status_text":"sendEmail Error, status:Could not convert socket to TLS"}}],"delivery_status":{"status_code":"424","status_text":"sendEmail Error, status:Could not convert socket to TLS"}}]}
at org.opensearch.notifications.send.SendMessageActionHelper.executeRequest(SendMessageActionHelper.kt:101) ~[?:?]
at org.opensearch.notifications.send.SendMessageActionHelper$executeRequest$1.invokeSuspend(SendMessageActionHelper.kt) ~[?:?]
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) [kotlin-stdlib-1.8.21.jar:1.8.21-release-380(1.8.21)]
at kotlinx.coroutines.internal.ScopeCoroutine.afterResume(Scopes.kt:32) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.AbstractCoroutine.resumeWith(AbstractCoroutine.kt:113) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:46) [kotlin-stdlib-1.8.21.jar:1.8.21-release-380(1.8.21)]
at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:571) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:678) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:665) [kotlinx-coroutines-core-jvm-1.4.3.jar:?]
[2024-06-27T13:04:39,819][ERROR][o.o.n.a.SendTestNotificationAction] [pc-logging-master-0] notifications:SendTestNotificationAction-send Error:OpenSearchStatusException[{"event_status_list": [{"config_id":"JOKROpABG9lzXzS8Ztip","config_type":"email","config_name":"stephan","email_recipient_status":[{"recipient":"stephan.name@example.com","delivery_status":{"status_code":"424","status_text":"sendEmail Error, status:Could not convert socket to TLS"}}],"delivery_status":{"status_code":"424","status_text":"sendEmail Error, status:Could not convert socket to TLS"}}]}]
