Fixing Oracle SOA suite email drive pop3 problem: “PKIX path building failed: unable to find valid certification path to requested target”

I just spent quite some time fixing pop3 for UMS email driver in Oracle SOA suite. The problem was with the Human Task actionable emails. I was receiving the emails just fine, but when I was hitting reply no action was being taken on the sever side. Quick glance at the email driver stats revealed that it was not receiving any emails ().

After looking at the service bus error log I found that the problem was with verifying the certificate from the server (). After further investigation I found that the server was configured to use demo certificates by default, so wasn’t able to validate any certificates except for the one generated for some demo scenario. Here is how to fix this:

In your domains//bin directory find file (or .cmd in windows world), find line that defines EXTRA_JAVA_PROPERTIES. Remove ”${WL_HOME}/server/lib/DemoTrust.jks” from the list of parameters assigned to this var.

Go to the admin console (typically it’s http://:7001/console), hit Lock&Edit Changes if necessary. Now go to “CTOAdminServer” -> Configuration -> Keystores -> hit Change Keystores button -> change Keystores to “Custom Identity and Java Standard Trust” -> Save. Activate configuration changes if necessary and restart Admin Server. If you already have emails in the pop3 mailbox you should see them processed on server restart.

These instructions are provided in assumption that you use default server configuration, if you changed the deployments, server names etc please adjust the instructions accordingly.

Leave a Reply