Skip to Content
Author's profile photo Former Member

Gmail connectivity from HCI

Though it is simple configuration steps in HCI, I spent lot of time understanding how Gmail is accepting authentication.. I would like to share my experiences on this.

I am assuming readers has basic knowledge of creating IFlow and Sender SOAP communication channel in HCI.

Scenario:  SOAP to MAIL


Mail communication channel parameters


Deploy Gmail Credentials in the Artifacts 


When you provide your Gmail user ID and password, first instance you may get below error in HCI

Fault:534-5.7.9 Application-specific password required. Learn more at

534 5.7.9

AuthenticationFailedException:534-5.7.9 Application-specific password required

Point to be noted here is Gmail does not accept any direct connectivity from HCI, it expects 2 way connectivity as below.

Enable 2-step verification and set a App password for HCI.


Select other custom app and generate a password in app passwords



Copy 16 character password and provide in HCI artifacts. Now it works for you..


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Sriprasad Shivaram Bhat
      Sriprasad Shivaram Bhat

      Nice Blog Madhav.!

      Its Very helpful for beginners for trying out mail adapter features.


      Sriprasad Shivaram Bhat

      Author's profile photo Pawel Kobylinski
      Pawel Kobylinski

      Hi Madhav,

      firstly thanks for this very 'walk through' but i have a question which answer to, i hope, you would know. so the situation is that i used in my flow 'parallel  multicast' and my message (which is soap request) reaches both web service and smtp server. my client (sproxy) expects response from web service but instead i receive exact copy of the content sent to SMTP server which leads to en exception in sproxy. do you know perhaps how could i make it stop, i mean how could i suppress this smtp respons and leave only response from web service ?


      best regards


      Author's profile photo Ajay Vaddemani
      Ajay Vaddemani

      Hi Madhav,

      Can you also show the configuration for sender mail adapter.

      Author's profile photo Patric Leßmann
      Patric Leßmann

      That would be also interesting for me...


      Best regards,


      Author's profile photo Sidharth Mehta
      Sidharth Mehta


      i am getting connection time out while run the iflow with mail adapter have google account smtp, but in connectivity test with same account and user password response is successfully reached host.


      Error code -

      javax.mail.MessagingException: Exception reading response;
        nested exception Read timed out (local port 47197 to address (, remote port 465 to address (, cause:  Read timed out (local port 47197 to address (,  remote port 465 to address (


      Please Help


      Sidharth Mehta

      Author's profile photo Federico Bellizia
      Federico Bellizia

      Certificate problems?


      LastError = org.apache.camel.CamelExchangeException: Parallel processing failed for number 1. Exchange[ID-vsa3689155-56028-1519058190794-353-7417]. Caused by: [org.apache.camel.RuntimeCamelException - javax.mail.MessagingException: Could not convert socket to TLS;
      nested exception is: PKIX path building failed: unable to find valid certification path to requested target], cause: unable to find valid certification path to requested target


      Author's profile photo Amulya Lewis
      Amulya Lewis

      Hello Federico,

      Did you resolve this issue? I am too getting something similar.

      connectivity test seems fine, however giving out PKIX path building fails.

      Thanks and Regards,


      Author's profile photo Guilherme Cardoso
      Guilherme Cardoso

      Hi Amulya and Federico,

      To resolve this certificate error you need to deploy the certificate in the keystore.

      In order to get the certificate, you need to run the following command in terminal:

      openssl s_client -starttls smtp -connect | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

      After that you copy and paste the certificate on a file and then you import that file in the CPI/HCI.


      Author's profile photo Shreshtt Bhatt
      Shreshtt Bhatt

      Thanks it worked

      Author's profile photo Markus Perndorfer
      Markus Perndorfer

      If you don't have (or don't want) 2-factor authentication enabled, you can enable "Less secure apps" in your google account:

      Then you can use your "normal" gmail login

      Author's profile photo Avinash Mallashetty
      Avinash Mallashetty



      Thanks for sharing the blog. It helps.

      I selected Proctection = STARTTLSMandatory , I got similar error ' need app password' though I entered the app password in CPI.

      Later I changed to STARTTLSOptional, it worked.


      reg, Shetty