Re: AW: Too many certificates in chain?!? Help!

2023-05-23 Thread James H. H. Lampert
On 5/23/23 10:02 AM, Rob Sargent wrote: Does pathLen:0 mean "no limit" or "no go"? Well given that the "Basic Constraints" are exactly the same, across the board, in *both* the keystores that worked fine and the keystore that blew up, I don't think that's a factor. And the fact that the

Re: AW: Too many certificates in chain?!? Help!

2023-05-23 Thread Rob Sargent
On 5/23/23 10:13, James H. H. Lampert wrote: On 5/23/23 8:31 AM, Christopher Schultz wrote: Can you dump the whole cert (e.g. keytool -list -v -alias 'certname') for each cert and see if any of the certificates specify a maximum chain length somewhere? Evidently, it's an extension to the

Re: AW: Too many certificates in chain?!? Help!

2023-05-23 Thread James H. H. Lampert
On 5/23/23 8:31 AM, Christopher Schultz wrote: Can you dump the whole cert (e.g. keytool -list -v -alias 'certname') for each cert and see if any of the certificates specify a maximum chain length somewhere? Evidently, it's an extension to the X.509 spec: Comparing one that worked with one

Re: AW: Too many certificates in chain?!? Help!

2023-05-23 Thread Christopher Schultz
James, On 5/18/23 16:01, James H. H. Lampert wrote: On 5/18/23 12:18 AM, Thomas Hoffmann (Speed4Trade GmbH) wrote: Which version of tomcat do you use? Is the stack trace truncated in your mail? Is there a "caused by ..." further down the stacktrace? It looks like the error is thrown deeper

AW: AW: AW: Too many certificates in chain?!? Help!

2023-05-19 Thread Thomas Hoffmann (Speed4Trade GmbH)
Hello James, > -Original Message- > From: James H. H. Lampert > Sent: Friday, May 19, 2023 00:33 > To: Tomcat Users List > Subject: Re: AW: AW: Too many certificates in chain?!? Help! > > On 5/18/23 1:57 PM, Thomas Hoffmann (Speed4Trade GmbH) wrote

Re: AW: AW: Too many certificates in chain?!? Help!

2023-05-18 Thread James H. H. Lampert
On 5/18/23 1:57 PM, Thomas Hoffmann (Speed4Trade GmbH) wrote: So the error is raised not by tomcat but by the ibm JDK. Yes. The results reported in my latest email say as much. Those results also say that there's something different -- radically different, judging from the amount of red

AW: AW: Too many certificates in chain?!? Help!

2023-05-18 Thread Thomas Hoffmann (Speed4Trade GmbH)
Hello James, > -Original Message- > From: James H. H. Lampert > Sent: Thursday, May 18, 2023 22:01 > To: Tomcat Users List > Subject: Re: AW: Too many certificates in chain?!? Help! > > On 5/18/23 12:18 AM, Thomas Hoffmann (Speed4Trade GmbH) wro

RE: AW: Too many certificates in chain?!? Help!

2023-05-18 Thread jonmcalexander
18, 2023 3:42 PM > To: Tomcat Users List > Subject: Re: AW: Too many certificates in chain?!? Help! > > Weirder and weirder. (And hopefully, my previous email, with a catalina.out > excerpt as an attachment, actually got distributed to the > List.) > > I copied the cert

Re: AW: Too many certificates in chain?!? Help!

2023-05-18 Thread James H. H. Lampert
Weirder and weirder. (And hopefully, my previous email, with a catalina.out excerpt as an attachment, actually got distributed to the List.) I copied the cert and the unsigned keystore from my new Mac (M2 Mini, running Ventura) to my old Mac (2017 iMac, running Catalina), and signing and

RE: AW: Too many certificates in chain?!? Help!

2023-05-18 Thread jonmcalexander
cooperation. > -Original Message- > From: James H. H. Lampert > Sent: Thursday, May 18, 2023 3:01 PM > To: Tomcat Users List > Subject: Re: AW: Too many certificates in chain?!? Help! > > On 5/18/23 12:18 AM, Thomas Hoffmann (Speed4Trade GmbH) wrote: > > Whi

Re: AW: Too many certificates in chain?!? Help!

2023-05-18 Thread James H. H. Lampert
On 5/18/23 12:18 AM, Thomas Hoffmann (Speed4Trade GmbH) wrote: Which version of tomcat do you use? Is the stack trace truncated in your mail? Is there a "caused by ..." further down the stacktrace? It looks like the error is thrown deeper in SSLUtil when creating the ssl context. Maybe you

AW: Too many certificates in chain?!? Help!

2023-05-18 Thread Thomas Hoffmann (Speed4Trade GmbH)
Hello James, > -Original Message- > From: James H. H. Lampert > Sent: Thursday, May 18, 2023 02:00 > To: Tomcat Users List > Subject: Too many certificates in chain?!? Help! > > Ladies and Gentlemen: > > I just had to revert a customer Tomc

Re: Too many certificates in chain?!? Help!

2023-05-17 Thread James H. H. Lampert
On 5/17/23 5:10 PM, Jason Tan wrote: Have a look at this. https://success.qualys.com/discussions/s/question/0D52L4To0DUSAZ/your-ssl-server-test-incorrectly-reports-an-incomplete-chain That's actually my own thread, from a few years ago. The problem here is not an incomplete chain, and

RE: Too many certificates in chain?!? Help!

2023-05-17 Thread Jason Tan
-Original Message- From: James H. H. Lampert Sent: Thursday, May 18, 2023 10:00 AM To: Tomcat Users List Subject: Too many certificates in chain?!? Help! Ladies and Gentlemen: I just had to revert a customer Tomcat server immediately after plugging in a new keystore. It failed

Too many certificates in chain?!? Help!

2023-05-17 Thread James H. H. Lampert
Ladies and Gentlemen: I just had to revert a customer Tomcat server immediately after plugging in a new keystore. It failed in protocol handler initialization. Caused by: java.lang.IllegalArgumentException: Too many certificates in chain  at