Connect on-premise: Event Emails may fail to be sent.
This is specific to Connect on-premise installations with Events and with SSL configured for the Event service.
When you create a new Event there are a bunch of different email notifications available, including confirmation of new registrations, event reminders, thank you notes etc.
These emails are created from email templates that the Connect application server needs to download from the CQ publish server before they’re sent out.
If you have the CQ service configured with SSL the Connect server needs to trust the certificates you configured on the remote CQ publish host, otherwise it will fail on the template download and you will get a log message as below written in the debug.log on your Connect server:
[…]
[03-21 08:37:52,983] cqEmailer0 (INFO) 1ms spid:197 fetch com.macromedia.breeze.model.CQTemplate(“84457”)
[03-21 08:37:52,990] cqEmailer0 (INFO) Error while fetching template from CQ: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[03-21 08:37:52,990] cqEmailer0 (ERROR) Exception thrown
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[…]
To fix this, import the SSL certificate of your CQ publish server to the Connect server keystore.
On the Connect server, open a command line and change to this directory: <drive>:\Connect\9.x\jre\bin\
The command to import the certificate is as follows (of course replace c:\pathToCertFile\cert.crt with your own path and filename). Also, make sure the path to the keystore is correct for your environment and version of Connect.
keytool -importcert -trustcacerts -alias connectcerts -file c:\pathToCertFile\cert.crt -keystore c:\Connect\9.x\jre\lib\security\cacerts
(If you are using intermediate certificates, you can import the whole chain as one single .crt file).