Email port getting disconnected intermittently with certificate chain error

I am connecting to a gmail mailbox using an email port in IS 9.6.

The certificates have expired recently and I started to have Certificate errors in the log. So I’ve placed the new certificates in the truststore and removed the old ones.

The mail port now gets connected, the emails are retrieved, everything seems to work but once in a while I have a “Certification chain trust verification failed” error message and the email port gets disabled.

[173]2016-07-05 08:51:40 CEST [ISC.0009.0017W] Certification chain trust verification failed.
[172]2016-07-05 08:50:39 CEST [ISP.0068.0028W] This Server reconnected to POP3 server pop.gmail.com
[171]2016-07-05 08:49:37 CEST [ISP.0068.0028W] This Server reconnected to POP3 server pop.gmail.com
[170]2016-07-05 08:48:35 CEST [ISP.0068.0028W] This Server reconnected to POP3 server pop.gmail.com
[169]2016-07-05 08:47:34 CEST [ISP.0068.0028W] This Server reconnected to POP3 server pop.gmail.com
[168]2016-07-05 08:46:32 CEST [ISP.0068.0028W] This Server reconnected to POP3 server pop.gmail.com
[167]2016-07-05 08:45:30 CEST [ISP.0068.0028W] This Server reconnected to POP3 server pop.gmail.com
[166]2016-07-05 08:44:29 CEST [ISP.0068.0028W] This Server reconnected to POP3 server pop.gmail.com

If I try to connect the mail port again, sometimes I get this error

Failed to start EmailListener:pop3s:@gmail.com@pop.gmail.com: [ISS.0070.9003] Enable failed: Could not log into account @gmail.com@pop.gmail.com

But after editing the email port configuration, for example if I enter the password again and save it, it gets connected again. After a few emails are successfully retrieved from the mailbox, after around 20 or 30 minutes, it gets disconnected again.

I would expect the email port to either always work or never work if the certificates were wrong.

But having this intermittent behavior is making it hard to find the real reason why it’s failing.

I have only faced this problem after the certificates have expired. Before that, I had it working with no issues for around 4 months.

Has anybody faced an issue like this?

Thanks,
João Parreira

Is this issue you are having after migration ? Share your fix levels ?

Thanks,

Product webMethods Integration Server
Version 9.6.0.0
Updates TNS_9.6_Fix1
IS_9.6_Core_Fix2

There was no migration. I’ve just updated the certificates. I’ve now removed the google certificate from the truststore, leaving only the intermediate and top-level certificates. It hasn’t failed yet, but I’ve done the change just a few minutes ago, so it’s still soon to be sure it’s solved.

– EDIT –
The attempt I’ve described above didn’t solve it. It works for sometime as before, then it disconnects the port.

Hi Joao,

please check if the intermediate and root certificates need to changed or updated.

Might be that one of these is also expired and was changed on Google side.

After changing the stores remember to refresh/clear the SSL cache of your IS.

Regards,
Holger

Please update your observations.

Thanks,

Please update your observations.

Thanks,

I’ve cleaned the cache and restarted the server. It still got disconnected after that. But it hasn’t failed for 19 hours now.

There are no conclusions at this point.