Debugging SSL issues with your SMTP, POP3, IMAP or LDAP servers

Owned by Rashmi Likhite
Last updated: Jul 24, 2015

Celoxis SSL Poke is a java program that connects via SSL to a host and port of your choice. The server could be a web server, mail server or any other server that supports SSL. The primary objective is to determine whether Java can authenticate the server's certificate using its trusted CA certificate store. This program also verifies whether the host and port are correct.

Download

Click here to download ssl-poke.zip.  

Usage

  1. Unzip the ssl-poke.zip file. It should create a folder that contains the SSLPoke.class file.
  2. Open a terminal window on Unix/Linux or Command prompt in Windows and cd to the folder that contains the SSLPoke.class file

  3. Then type:

    java SSLPoke <host> <port>

Examples

  1. Connect to our web server

    $ java SSLPoke www.celoxis.com 443
SUCCESS

  2. Connect to a server with a self-signed certificate

    $ java SSLPoke localhost 8843
FAILURE: javax.net.ssl.SSLHandshakeException : PKIX path building failed
         unable to find valid certification path to requested target

  3. Connect to our IMAP+SSL mail server

    $ java SSLPoke secure.emailsrvr.com 993
SUCCESS
  • Ensure you are executing the program using JDK; not JRE.
  • You need to run the SSLPoke from command prompt of the application server such that the JDK used by Celoxis application will be the same one used SSLPoke tool. 

 

Error Messages

  • javax.net.ssl.SSLHandshakeException : sun.security.validator.ValidatorException: PKIX path building failed
    Java cannot authenticate the server's SSL certificate because its Certificate Authority (CA) is not present in its trusted CA store.

  • java.net.UnknownHostException
    The host name is invalid i.e. not resolvable by your DNS server

  • java.net.ConnectException : Connection refused
    Port is invalid. No server is listening on that port.

  •  java.net.ConnectException : Operation timed out
     The host: port combo cannot be connected. Most likely your firewall is blocking the connection, or, the IP address of the host is incorrect.

  • javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
    The mismatch between host specified in input and host name in the SSL certificate.