On 5/23/23 10:02 AM, Rob Sargent wrote:
Does pathLen:0 mean "no limit" or "no go"?
Well given that the "Basic Constraints" are exactly the same, across the
board, in *both* the keystores that worked fine and the keystore that
blew up, I don't think that's a factor. And the fact that the
On 5/23/23 10:13, James H. H. Lampert wrote:
On 5/23/23 8:31 AM, Christopher Schultz wrote:
Can you dump the whole cert (e.g. keytool -list -v -alias 'certname')
for each cert and see if any of the certificates specify a maximum
chain length somewhere? Evidently, it's an extension to the
On 5/23/23 8:31 AM, Christopher Schultz wrote:
Can you dump the whole cert (e.g. keytool -list -v -alias 'certname')
for each cert and see if any of the certificates specify a maximum chain
length somewhere? Evidently, it's an extension to the X.509 spec:
Comparing one that worked with one
James,
On 5/18/23 16:01, James H. H. Lampert wrote:
On 5/18/23 12:18 AM, Thomas Hoffmann (Speed4Trade GmbH) wrote:
Which version of tomcat do you use?
Is the stack trace truncated in your mail? Is there a "caused by ..."
further down the stacktrace?
It looks like the error is thrown deeper
Hello James,
> -Ursprüngliche Nachricht-
> Von: James H. H. Lampert
> Gesendet: Freitag, 19. Mai 2023 00:33
> An: Tomcat Users List
> Betreff: Re: AW: AW: Too many certificates in chain?!? Help!
>
> On 5/18/23 1:57 PM, Thomas Hoffmann (Speed4Trade GmbH) wrote
On 5/18/23 1:57 PM, Thomas Hoffmann (Speed4Trade GmbH) wrote:
So the error is raised not by tomcat but by the ibm JDK.
Yes. The results reported in my latest email say as much.
Those results also say that there's something different -- radically
different, judging from the amount of red
Hello James,
> -Ursprüngliche Nachricht-
> Von: James H. H. Lampert
> Gesendet: Donnerstag, 18. Mai 2023 22:01
> An: Tomcat Users List
> Betreff: Re: AW: Too many certificates in chain?!? Help!
>
> On 5/18/23 12:18 AM, Thomas Hoffmann (Speed4Trade GmbH) wro
18, 2023 3:42 PM
> To: Tomcat Users List
> Subject: Re: AW: Too many certificates in chain?!? Help!
>
> Weirder and weirder. (And hopefully, my previous email, with a catalina.out
> excerpt as an attachment, actually got distributed to the
> List.)
>
> I copied the cert
Weirder and weirder. (And hopefully, my previous email, with a
catalina.out excerpt as an attachment, actually got distributed to the
List.)
I copied the cert and the unsigned keystore from my new Mac (M2 Mini,
running Ventura) to my old Mac (2017 iMac, running Catalina), and
signing and
cooperation.
> -Original Message-
> From: James H. H. Lampert
> Sent: Thursday, May 18, 2023 3:01 PM
> To: Tomcat Users List
> Subject: Re: AW: Too many certificates in chain?!? Help!
>
> On 5/18/23 12:18 AM, Thomas Hoffmann (Speed4Trade GmbH) wrote:
> > Whi
On 5/18/23 12:18 AM, Thomas Hoffmann (Speed4Trade GmbH) wrote:
Which version of tomcat do you use?
Is the stack trace truncated in your mail? Is there a "caused by ..." further
down the stacktrace?
It looks like the error is thrown deeper in SSLUtil when creating the ssl
context.
Maybe you
Hello James,
> -Ursprüngliche Nachricht-
> Von: James H. H. Lampert
> Gesendet: Donnerstag, 18. Mai 2023 02:00
> An: Tomcat Users List
> Betreff: Too many certificates in chain?!? Help!
>
> Ladies and Gentlemen:
>
> I just had to revert a customer Tomc
On 5/17/23 5:10 PM, Jason Tan wrote:
Have a look at this.
https://success.qualys.com/discussions/s/question/0D52L4To0DUSAZ/your-ssl-server-test-incorrectly-reports-an-incomplete-chain
That's actually my own thread, from a few years ago.
The problem here is not an incomplete chain, and
-Original Message-
From: James H. H. Lampert
Sent: Thursday, May 18, 2023 10:00 AM
To: Tomcat Users List
Subject: Too many certificates in chain?!? Help!
Ladies and Gentlemen:
I just had to revert a customer Tomcat server immediately after plugging in a
new keystore.
It failed
Ladies and Gentlemen:
I just had to revert a customer Tomcat server immediately after plugging
in a new keystore.
It failed in protocol handler initialization.
Caused by: java.lang.IllegalArgumentException: Too many certificates
in chain
at
15 matches
Mail list logo