Advanced Mail Settings

Updated: March 11, 2025 12:35

While configuring the mail service (or before ADONIS 16, ADOIT 17 and ADOGRC 13), there is the additional option to use encryption methods.

Disclaimer: The following article concerns third-party topics and should only be treated as a recommendation; please consult a professional.

Encryption options

- StartTLS (optional): Use StartTLS to upgrade to a secure connection. If the email server does not support StartTLS, an unencrypted connection is used.
- StartTLS (required): Use StartTLS to upgrade to a secure connection. If the email server does not support StartTLS, the operation will fail (= emails are not sent).
- SSL/TLS: Use SSL or TLS to encrypt communication. If the email server does not support SSL/TLS, the operation will fail (= emails are not sent).

Common issue

Whenever Java attempts to connect to another application over SSL (e.g. HTTPS, IMAPS, LDAPS), it will only be able to connect to applications it can trust. Java handles trust through a truststore (typically $JAVA_HOME/lib/security/cacerts). The truststore contains a list of all known Certificate Authority (CA) certificates, and Java will only trust certificates that are signed by one of those CAs or public certificates that exist within that truststore.

If a relevant certificate is not contained in the truststore, a connection to the external service will not be possible and usually an exception will occur. In the context of mail settings, mails cannot be sent out, and errors in the logs could look like this:

    TLS negotiation failed with error

Solution

The relevant certificate needs to be imported. The suggested solution relates to the truststore of the Java Virtual Machine. It is also possible to do the same with Windows Certificate Stores (please consult your IT department).

1. Stop the web server.
2. Prepare the .cer file.
3. Use the keytool that comes with Java and import the certificate into the keystore:

    d:\Java\jdk-20.0.2\bin\keytool.exe -import -alias textshuttle -keystore "D:\Java\jdk-20.0.2\lib\security\cacerts" -file "D:\temp\certificate.der"

   If the certificate was downloaded as a .pem file, only the filename changes:

    ... -file "D:\temp\certificate.pem"

4. When asked whether you want to trust the certificate, and you do, type "yes".
5. After the certificate has been imported, restart the web application.

Further sources

For a more detailed explanation, please refer to the documentation of Oracle or IBM.
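The import procedure above, wrapped in the checks an administrator would want before extending the JVM's trust (an added example, not code from BOC or from the original article). The paths and the alias are the ones used in the article; `$ExpectedSha256` is a placeholder for a fingerprint confirmed out of band with the mail server's operator.

```powershell
# Added example. Run with the web server stopped, in an elevated PowerShell session.
$Keytool        = 'D:\Java\jdk-20.0.2\bin\keytool.exe'            # path from the article
$Truststore     = 'D:\Java\jdk-20.0.2\lib\security\cacerts'       # path from the article
$CertFile       = 'D:\temp\certificate.der'                       # or certificate.pem
$Alias          = 'textshuttle'                                   # alias from the article
$ExpectedSha256 = '<SHA-256 fingerprint confirmed out of band>'   # placeholder (assumption)

# Load the certificate (DER or Base64/PEM) and compute its SHA-256 fingerprint.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertFile
$sha  = [System.Security.Cryptography.SHA256]::Create()
$fp   = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''

"Subject   : $($cert.Subject)"
"Issuer    : $($cert.Issuer)"
"Not after : $($cert.NotAfter)"
"SHA-256   : $fp"

# Refuse to import a certificate that is expired or is not the one that was expected.
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter); not importing."
}
$expected = ($ExpectedSha256 -replace '[:\s-]', '').ToUpper()
if ($fp -ne $expected) {
    throw "Fingerprint mismatch; not importing. Verify the file with the mail server's operator."
}

# Keep a timestamped copy of the truststore so the change can be rolled back.
$backup = "$Truststore.bak-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
Copy-Item -Path $Truststore -Destination $backup
"Backup    : $backup"

# Same import command as in the article; keytool prompts for the truststore
# password and for confirmation that the certificate should be trusted.
& $Keytool -import -alias $Alias -keystore $Truststore -file $CertFile
if ($LASTEXITCODE -ne 0) { throw "keytool import failed with exit code $LASTEXITCODE." }

# Confirm the entry exists and compare its fingerprint with the value printed above.
& $Keytool -list -v -alias $Alias -keystore $Truststore
```

Restart the web application afterwards, as in the last step of the procedure.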