Troubleshooting SMTP inbound email using StartTLS

For StartTLS support to work for inbound email, you must configure SSL for Java.

To identify whether you are having this problem, enable DEBUG logging for the class org.subethamail in your log4j.properties file and look for the following message in the log:

    startTLS() failed: no cipher suites in common

The following process outlines one way to create a self-signed certificate. The details may differ between JVM vendors, so consult your JVM documentation for more information.

  1. Create a suitable key and certificate:
    keytool -genkey -keystore mySrvKeystore -keyalg RSA
  2. Add the following somewhere in your Tomcat configuration. In RHEL 5, this file would be located at /etc/tomcat5/tomcat5.conf. For example:
    JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456"

This procedure creates a self-signed certificate only. SSL vendors can provide certificates signed by a certificate authority, which may be more suitable for production use.
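
The script below is an added example, not part of the original page or of any vendor tooling. It checks that a Tomcat configuration file sets both keystore options from step 2, that the keystore file is readable, and that the log does not contain the error shown above. The function names and the sample file contents in demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Print the value of -D<property>=<value> from a config file, skipping
# comment lines; empty output means the option is absent.
jvm_opt() {  # usage: jvm_opt <conf-file> <property>
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        sed -n "s/.*-D$2=\([^[:space:]\"']*\).*/\1/p" | tail -n 1
}

# Return 0 when the keystore options are usable and the log shows no
# StartTLS handshake failure, 1 otherwise.
check_starttls() {  # usage: check_starttls <tomcat-conf> <log-file>
    conf=$1; log=$2; status=0
    ks=$(jvm_opt "$conf" javax.net.ssl.keyStore)
    pw=$(jvm_opt "$conf" javax.net.ssl.keyStorePassword)
    if [ -z "$ks" ]; then
        echo "FAIL: javax.net.ssl.keyStore is not set in $conf"; status=1
    else
        case $ks in
            /*) ;;
            *) echo "WARN: '$ks' is resolved against the JVM working directory" ;;
        esac
        [ -r "$ks" ] || { echo "FAIL: keystore '$ks' is not readable"; status=1; }
    fi
    [ -n "$pw" ] || { echo "FAIL: javax.net.ssl.keyStorePassword is not set"; status=1; }
    if grep -qF 'startTLS() failed: no cipher suites in common' "$log" 2>/dev/null; then
        echo "FAIL: $log records a failed StartTLS handshake"; status=1
    fi
    return "$status"
}

# Constructed sample input: a config with no keystore options and a log
# holding the error line from this page. Prints the check status.
demo() {
    d=$(mktemp -d)
    echo 'JAVA_OPTS="$JAVA_OPTS -Xmx512m"' > "$d/tomcat5.conf"
    echo 'DEBUG [org.subethamail] startTLS() failed: no cipher suites in common' > "$d/alfresco.log"
    if check_starttls "$d/tomcat5.conf" "$d/alfresco.log" >/dev/null; then rc=0; else rc=1; fi
    rm -rf "$d"
    echo "$rc"
}

# Run against real files when given two arguments.
if [ "$#" -eq 2 ]; then check_starttls "$1" "$2"; fi
```

A passing check only shows that the options are present and the file is readable; keytool -list -keystore with the same path confirms that the keystore actually holds a key entry.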