Issue:
The pdm_mail_nxd stopped sending notifications due to the error in the log:
02/05 21:12:15.54 sdmserver pdm_mail_nxd 11680 ERROR
02/05 21:12:15.73 sdmserver pdm_mail_nxd 11680 ERROR hunny_mail_intf.c 2173 ThrdLogger Sess:11:0 Unable to connect to mail servers (outlook.com). Last message: TLS Connection to SMTP Server: outlook.com at Port: 587 failed. Error (15) Failed to find the CA certificate
02/05 21:12:15.73 sdmserver pdm_mail_nxd 11680 SIGNIFICANT hunny_mail_intf.c 1335 Send Mail retry scheduled
Environment:
Service Desk Manager 14.x / 17.x
Cause:
The certificate is not valid, expired or corrupted
Additional Information:
An alert to step 4.3 - Run pdm_perl pdm_keystore_mgr.pl -import c:\cert.cer (manually):
In case you get error in the command such as:
C:\PROGRA2\CA\SERVIC1\bin>pdm_perl pdm_keystore_mgr.pl -import C:\DigiCertGlob
alRootCA.cer
Generating 2.048 bit RSA key pair and self-signed certificate (SHA256withRSA) wi
th a validity of 36.500 days
for: CN=CA, OU=CA Service Desk Manager, O=EITM, L=Islandia, ST=NY, C=US
[Storing D:\PROGRA2\CA\SERVIC1\pdmconf\nx.keystore]
Certificate was added to keystore
[Storing D:\PROGRA2\CA\SERVIC1\pdmconf\nx.keystore]
FAILED: The certificate was not imported into the keystore.
Exiting at pdm_keystore_mgr.pl line 170.
Then try to copy the certificate content from STEP 2 to a text file, and re-ran the command to manually import it. The expected result is:
C:\PROGRA2\CA\SERVIC1\bin>pdm_perl pdm_keystore_mgr.pl -import C:\cert.cer
Generating 2.048 bit RSA key pair and self-signed certificate (SHA256withRSA) wi
th a validity of 36.500 days
for: CN=CA, OU=CA Service Desk Manager, O=EITM, L=Islandia, ST=NY, C=US
[Storing D:\PROGRA2\CA\SERVIC1\pdmconf\nx.keystore]
Certificate was added to keystore
[Storing D:\PROGRA2\CA\SERVIC1\pdmconf\nx.keystore]
SUCCESS!
The certificate cert.cer has been imported.
Use -list to see the contents of the keystore.
If it fail to import the certificate, run the command to see if it's already there:
C:\PROGRA2\CA\SERVIC1\bin>pdm_perl pdm_keystore_mgr.pl -list -v
You may see something similar to:
Alias name: cert.cer
Creation date: 06/02/2019
Entry type: trustedCertEntry
Owner: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Serial number: 83be056904246b1a1756ac95991c74a
Valid from: Thu Nov 09 22:00:00 BRST 2006 until: Sun Nov 09 22:00:00 BRST 2031
Certificate fingerprints:
MD5: 79:E4:A9:84:0D:7D:3A:96:D7:C0:4F:E2:43:4C:89:2E
SHA1: A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
SHA256: 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:
26:DB:25:7F:89:34:A4:43:C7:01:61
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 03 DE 50 35 56 D1 4C BB 66 F0 A3 E2 1B 1B C3 97 ..P5V.L.f.......
0010: B2 3D D1 55 .=.U
]
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 03 DE 50 35 56 D1 4C BB 66 F0 A3 E2 1B 1B C3 97 ..P5V.L.f.......
0010: B2 3D D1 55 .=.U
]
]
*******************************************
*******************************************
It means that the certificate is already imported. So go to the next step 4.4.