If you get an error like this, most likely that's because Google blocked your IMAP connection because it thought it was a non secure app:
2018-03-19 07:06:09:118 ERROR [ForkJoinPool-1-worker-1] c.c.S.m.c.JavaMailIMAPClient - Failed to make connection with STARTTLS to server imap.gmail.com, port 993, trying SSL connection
2018-03-19 07:06:10:665 ERROR [ForkJoinPool-1-worker-1] c.c.S.m.c.JavaMailIMAPClient - Failed to connect to the Store.
javax.mail.AuthenticationFailedException: [ALERT] Please log in via your web browser: https://support.google.com/mail/accounts/answer/78754 (Failure)
at java.util.concurrent.ForkJoinTask$AdaptedCallable.exec(Unknown Source)
at java.util.concurrent.ForkJoinTask.doExec(Unknown Source)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(Unknown Source)
at java.util.concurrent.ForkJoinPool.runWorker(Unknown Source)
at java.util.concurrent.ForkJoinWorkerThread.run(Unknown Source)
You may even get an email from Google about it:
Monday, March 19, 2018 7:01 AM (PT)
Santa Clara, CA, USA*Don't recognize this activity?
If you didn't recently receive an error while trying to access a Google service, like Gmail, from a non-Google application, someone may have your password.
SECURE YOUR ACCOUNT
Are you the one who tried signing in?
Google will continue to block sign-in attempts from the app you're using because it has known security problems or is out of date. You can continue to use this app by allowing access to less secure apps, but this may leave your account vulnerable.
The Google Accounts team *The location is approximate and determined by the IP address it was coming from.
This email can't receive replies. For more information, visit the Google Accounts Help Center. You received this mandatory email service announcement to update you about important changes to your Google product or account. © 2018 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA et:27
Some apps and devices use less secure sign-in technology, which could leave your account vulnerable. You can turn off access for these apps (which we recommend) or choose to use them despite the risks.
To resolve this, you may need to change your security in Google to allow the SDM connection:
1) With in your "My Account" settings of Gmail account
2) select Sign-in & Security
3) Click on Apps with account access
4) Turn ON the option "Allow less secure apps"
5) Retest your maileater again
Another way to test is to test this directly using OpenSSL against the IMAP/POP ports in question. This lets you test a basic connection to see the certificate chain that the port is using:
a) openssl s_client -starttls pop3 -connect Outlook.com:110 -showcerts
(You may see an error like this: because we did not provide a certificate for the above test yet: Verify return code: 21 (unable to verify the first certificate) )
Note: for IMAP, it would be: openssl s_client -starttls imap -connect Outlook.com:143 -showcerts
b) You should now see some output, showing the certificate chain that the server knows about. In this case its just Cert Authority issuing server cert.
c) You can save the text for the mentioned server certificate to a file
..blahblah Real Cert...
d) You can now open this certificate and check the Certificate Chain. All we need is the Root CA cert, so follow the steps like you did in the Instructions section to export Root Cert. Resulting file is what we need in SDM