AW: Too many certificates in chain?!? Help!

Thu, 18 May 2023 00:18:28 -0700 

Hello James,

> -----Ursprüngliche Nachricht-----
> Von: James H. H. Lampert <jam...@touchtonecorp.com.INVALID>
> Gesendet: Donnerstag, 18. Mai 2023 02:00
> An: Tomcat Users List <users@tomcat.apache.org>
> Betreff: Too many certificates in chain?!? Help!
> 
> Ladies and Gentlemen:
> 
> I just had to revert a customer Tomcat server immediately after plugging in a
> new keystore.
> 
> It failed in protocol handler initialization.
> 
>    Caused by: java.lang.IllegalArgumentException: Too many certificates in
> chain   at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(Abstract
> JsseEndpoint.java:100)
>   at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEn
> dpoint.java:72)
> 
>   at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:246)
> 
>   at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1161
> )
> 
>   at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.j
> ava:222)
> 
>   at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:599)
> 
>   at
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protoc
> ol.java:80)
> 
>   at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:1074)
> 
>   . . .
> 
> I've never seen anything like this before. According to KeyStore Explorer
> 5.4.4, the chain consists of a root, an intermediate, and the signed 
> certificate
> for the web site. And the root and intermediate are exactly the same root
> and intermediate as the last good keystore.
> 
> Can anybody shed any light on what went wrong?
> 
> Tomorrow morning, I'm going to try plugging the keystore into a Tomcat
> server on an AS/400 in the office, to see if I can reproduce it.
> 
> --
> James H. H. Lampert
> 

Which version of tomcat do you use?
Is the stack trace truncated in your mail? Is there a "caused by ..." further 
down the stacktrace?

It looks like the error is thrown deeper in SSLUtil when creating the ssl 
context.
Maybe you can post the full stack trace.

Greetings,
Thomas

Reply via email to