Kumar or anyone,
I have ...
2-way SSL setup with multiple CA's in my trust store (cacerts.jks - including CA from Kumar's example)
a single CRL from one of the CA's in the trust store (mine)
Certs from 3 different CA's in the trust model loaded into my browser (one from Kumar's example)
When I present a cert from the CA that also created the CRL everything works. Page display's (even if it shouldn't - another post).
Problem ... When I present a cert from any other CA and they do not have a CRL loaded (see multiple CRL's in another post), the certpath processing seems to loop about 8 times and finally dies on an exception (see below) and the browser shows a "The connection was reset" server to busy error screen.
certpath: CrlRevocationChecker.verifyWithSeparateSigningKey() got exception sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Please note that if I remove CRL processing (delete crl-file attribute from <ssl ... />) all the certs work just fine and the page is displayed.
Any help would be greatly appreciated. (I'll let you write the white paper ;) )
Thanks,
Eric
[Message sent by forum member 'eliscinsky']
http://forums.java.net/jive/thread.jspa?messageID=485888