Hello,

After having successfully installed and used OXtender for Business Mobility (both the beta version and the release), we had to provide a new alias for our Open-Xchange server, and we have associated a new certificate to this new machine alias (we are using https).

Since then, use of OXtender for Business Mobility fails will the following log:

FINE: HTTP POST command:FolderSync, user:myuser, deviceId:Appl879786L8Y7H, deviceType:iPhone
Oct 1, 2009 1:35:50 PM com.openexchange.usm.ox_json.impl.OXJSONAccessImpl login
WARNING: 0:0:myuser:EAS:Appl879786L8Y7H Error while authenticating
18000e: com.openexchange.usm.api.exceptions.OXCommunicatio nException: Exception occurred during communication with OX server
at com.openexchange.usm.ox_json.impl.OXJSONAccessImpl .executeMethodOnce(OXJSONAccessImpl.java:315)
at com.openexchange.usm.ox_json.impl.OXJSONAccessImpl .performLogin(OXJSONAccessImpl.java:93)
at com.openexchange.usm.ox_json.impl.OXJSONAccessImpl .login(OXJSONAccessImpl.java:55)
at com.openexchange.usm.ox_json.impl.OXJSONAccessServ ice.login(OXJSONAccessService.java:58)
at com.openexchange.usm.session.impl.SessionManagerIm pl.getSession(SessionManagerImpl.java:137)
at com.openexchange.usm.session.impl.SessionManagerSe rvice.getSession(SessionManagerService.java:26)
at com.openexchange.usm.eas.servlet.EASServlet.handle Request(EASServlet.java:421)
at com.openexchange.usm.eas.servlet.EASServlet.doPost (EASServlet.java:310)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:616)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:689)
at com.openexchange.ajp13.najp.AJPv13RequestHandlerIm pl.doServletService(AJPv13RequestHandlerImpl.java: 433)
at com.openexchange.ajp13.AJPv13Request.response(AJPv 13Request.java:128)
at com.openexchange.ajp13.najp.AJPv13RequestHandlerIm pl.createResponse(AJPv13RequestHandlerImpl.java:28 6)
at com.openexchange.ajp13.najp.AJPv13ConnectionImpl.c reateResponse(AJPv13ConnectionImpl.java:189)
at com.openexchange.ajp13.najp.AJPv13Task.run(AJPv13T ask.java:281)
at java.util.concurrent.Executors$RunnableAdapter.cal l(Executors.java:417)
at java.util.concurrent.FutureTask$Sync.innerRun(Futu reTask.java:269)
at java.util.concurrent.FutureTask.run(FutureTask.jav a:123)
at java.util.concurrent.ThreadPoolExecutor$Worker.run Task(ThreadPoolExecutor.java:650)
at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:675)
at java.lang.Thread.run(Thread.java:595)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(S SLSocketImpl.java:1584)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:168)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:848)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.proc essMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoo p(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_re cord(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:877)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1089)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRe cord(SSLSocketImpl.java:618)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write (AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedO utputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputS tream.java:123)
at org.apache.commons.httpclient.methods.EntityEnclos ingMethod.writeRequestBody(EntityEnclosingMethod.j ava:506)
at org.apache.commons.httpclient.HttpMethodBase.write Request(HttpMethodBase.java:2114)
at org.apache.commons.httpclient.HttpMethodBase.execu te(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.e xecuteWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.e xecuteMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMe thod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMe thod(HttpClient.java:323)
at com.openexchange.usm.ox_json.impl.OXJSONAccessImpl .executeMethodOnce(OXJSONAccessImpl.java:304)
... 20 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXV alidator.java:221)
at sun.security.validator.PKIXValidator.engineValidat e(PKIXValidator.java:145)
at sun.security.validator.Validator.validate(Validato r.java:203)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl. checkServerTrusted(X509TrustManagerImpl.java:172)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager. checkServerTrusted(SSLContextImpl.java:320)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:841)
... 37 more


The new certificate is signed by an internal certificate authority, so I have added this new authority to the list of trusted authorities using keytool:

keytool -import -file myauth.crt -trustcacerts -keystore /usr/lib/jvm/java-1.5.0-sun/jre/lib/security/cacerts -alias my-auth

It doesn't seem to help.

Any help will be appreciated.

Kind regards,

Michaël