SSLHandshakeException error when IMAPS protocol is configured for Approval Email Server in RSA Governance & Lifecycle
Article Number
Applies To
Issue
javax.mail.MessagingException: Could not connect to message store for imaps://username@imaps-server.hostname:993; nested exception is: javax.mail.MessagingException: Remote host terminated the handshake; nested exception is: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake at com.aveksa.server.email.common.EmailUtils.connectToMailStore(EmailUtils.java:651) at com.aveksa.server.email.mailboxmonitor.MailboxMonitorThread.checkForMail(MailboxMonitorThread.java:178) at com.aveksa.server.email.mailboxmonitor.MailboxMonitorThread.run(MailboxMonitorThread.java:46) Caused by: javax.mail.MessagingException: Remote host terminated the handshake; nested exception is: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:670) at javax.mail.Service.connect(Service.java:295) at javax.mail.Service.connect(Service.java:176) at javax.mail.Service.connect(Service.java:125) at com.aveksa.server.email.common.EmailUtils.connectToMailStore(EmailUtils.java:625) ... 2 more Caused by: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake at com.ibm.jsse2.bj.a(bj.java:18) at com.ibm.jsse2.bj.b(bj.java:1) at com.ibm.jsse2.bj.f(bj.java:427) at com.ibm.jsse2.bj.a(bj.java:406) at com.ibm.jsse2.bj.startHandshake(bj.java:160) at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:549) at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:354) at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:237) at com.sun.mail.iap.Protocol.<init>(Protocol.java:116) at com.sun.mail.imap.protocol.IMAPProtocol.<init>(IMAPProtocol.java:115) at com.sun.mail.imap.IMAPStore.newIMAPProtocol(IMAPStore.java:685) at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:636) ... 6 moreAn inspection of the TCP network traffic capture data shows a connection being attempted using TLSv1.0.
Cause
Resolution
mail.imaps.ssl.protocols=TLSv1.2Note: The JVM argument can be added on the WebSphere console > click Servers > Server types > WebSphere application servers > Select server > select the server used for SecurID Governance & Lifecycle > Configuration tab > select Server Infrastructure > Java and Process Management > Process Definition > Additional Properties > Java Virtual Machine > Generic JVM Arguments.
Related Articles
AFX Server remains in a 'Not running' State, afx status shows 'timed out waiting for AFX applications to start' and mule_e… Number of Views Artifacts to gather in RSA Identity Governance & Lifecycle Number of Views How to download and install the AFX Server Archive in RSA Identity Governance & Lifecycle Number of Views Replacing the server certificate used for the RSA Identity Governance & Lifecycle appliance web administration interface Number of Views How to Update the Root (Server) and Client Certificates in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
