Skip to Content

Gmail connectivity from HCI

Though it is simple configuration steps in HCI, I spent lot of time understanding how Gmail is accepting authentication.. I would like to share my experiences on this.

I am assuming readers has basic knowledge of creating IFlow and Sender SOAP communication channel in HCI.

Scenario:  SOAP to MAIL


Mail communication channel parameters


Deploy Gmail Credentials in the Artifacts 


When you provide your Gmail user ID and password, first instance you may get below error in HCI

Fault:534-5.7.9 Application-specific password required. Learn more at

534 5.7.9

AuthenticationFailedException:534-5.7.9 Application-specific password required

Point to be noted here is Gmail does not accept any direct connectivity from HCI, it expects 2 way connectivity as below.

Enable 2-step verification and set a App password for HCI.


Select other custom app and generate a password in app passwords



Copy 16 character password and provide in HCI artifacts. Now it works for you..


You must be Logged on to comment or reply to a post.
  • Hi Madhav,

    firstly thanks for this very 'walk through' but i have a question which answer to, i hope, you would know. so the situation is that i used in my flow 'parallel  multicast' and my message (which is soap request) reaches both web service and smtp server. my client (sproxy) expects response from web service but instead i receive exact copy of the content sent to SMTP server which leads to en exception in sproxy. do you know perhaps how could i make it stop, i mean how could i suppress this smtp respons and leave only response from web service ?


    best regards


  • Hi,

    i am getting connection time out while run the iflow with mail adapter have google account smtp, but in connectivity test with same account and user password response is successfully reached host.


    Error code -

    javax.mail.MessagingException: Exception reading response;
      nested exception Read timed out (local port 47197 to address (, remote port 465 to address (, cause:  Read timed out (local port 47197 to address (,  remote port 465 to address (


    Please Help


    Sidharth Mehta

  • Certificate problems?


    LastError = org.apache.camel.CamelExchangeException: Parallel processing failed for number 1. Exchange[ID-vsa3689155-56028-1519058190794-353-7417]. Caused by: [org.apache.camel.RuntimeCamelException - javax.mail.MessagingException: Could not convert socket to TLS;
    nested exception is: PKIX path building failed: unable to find valid certification path to requested target], cause: unable to find valid certification path to requested target


    • Hello Federico,

      Did you resolve this issue? I am too getting something similar.

      connectivity test seems fine, however giving out PKIX path building fails.

      Thanks and Regards,


      • Hi Amulya and Federico,

        To resolve this certificate error you need to deploy the certificate in the keystore.

        In order to get the certificate, you need to run the following command in terminal:

        openssl s_client -starttls smtp -connect | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

        After that you copy and paste the certificate on a file and then you import that file in the CPI/HCI.


  • If you don't have (or don't want) 2-factor authentication enabled, you can enable "Less secure apps" in your google account:

    Then you can use your "normal" gmail login

  • Hello,


    Thanks for sharing the blog. It helps.

    I selected Proctection = STARTTLSMandatory , I got similar error ' need app password' though I entered the app password in CPI.

    Later I changed to STARTTLSOptional, it worked.


    reg, Shetty