users@glassfish.java.net

Re: GF v3 - Multiple CA's and 1 CRL

From: Kumar.Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Fri, 22 Oct 2010 18:40:14 +0530

Will run your emails through the JDK experts who handle revocation and
will reply in a few days.


On 21/10/10 11:57 PM, glassfish_at_javadesktop.org wrote:
> Kumar or anyone,
>
> I have ...
>
> 2-way SSL setup with multiple CAs in my trust store (cacerts.jks - including CA from Kumar's example)
> a single CRL from one of the CAs in the trust store (mine)
> Certs from 3 different CAs in the trust model loaded into my browser (one from Kumar's example)
>
> When I present a cert from the CA that also created the CRL everything works. Page displays (even if it shouldn't - another post).
>
> Problem ... When I present a cert from any other CA and they do not have a CRL loaded (see multiple CRLs in another post), the certpath processing seems to loop about 8 times and finally dies on an exception (see below) and the browser shows a "The connection was reset" server too busy error screen.
>
> certpath: CrlRevocationChecker.verifyWithSeparateSigningKey() got exception sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>
> Please note that if I remove CRL processing (delete crl-file attribute from <ssl ... />) all the certs work just fine and the page is displayed.
>
> Any help would be greatly appreciated. (I'll let you write the white paper ;) )
>
> Thanks,
> Eric
> [Message sent by forum member 'eliscinsky']
>
> http://forums.java.net/jive/thread.jspa?messageID=485888
>
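A way to inspect the setup described in the quoted message (several CAs in the trust store, one CRL file), as an added example that is not part of the original thread or of GlassFish: it lists each trusted CA and reports whether the CRL file contains a CRL issued and signed by it. The class name, the command-line arguments and the assumption that every CA signs its own CRL with the key in its trust-store certificate are illustrative.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added example. Usage (all three arguments are assumptions, not values from the thread):
//   java CrlCoverage <truststore.jks> <store-password> <crl-file>
public class CrlCoverage {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: CrlCoverage <truststore.jks> <password> <crl-file>");
            System.exit(2);
        }
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            trust.load(in, args[1].toCharArray());
        }
        // A CRL file may hold one CRL or several concatenated (DER or PEM).
        List<X509CRL> crls = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[2])) {
            for (CRL c : CertificateFactory.getInstance("X.509").generateCRLs(in)) {
                crls.add((X509CRL) c);
            }
        }
        for (String alias : Collections.list(trust.aliases())) {
            if (!trust.isCertificateEntry(alias)) continue; // skip private-key entries
            X509Certificate ca = (X509Certificate) trust.getCertificate(alias);
            System.out.println(alias + " [" + ca.getSubjectX500Principal() + "]: "
                    + status(ca, crls));
        }
    }

    // Assumption: a CA is "covered" when a CRL names it as issuer and verifies under its key.
    static String status(X509Certificate ca, List<X509CRL> crls) {
        for (X509CRL crl : crls) {
            if (!crl.getIssuerX500Principal().equals(ca.getSubjectX500Principal())) continue;
            try {
                crl.verify(ca.getPublicKey());
            } catch (GeneralSecurityException e) {
                return "issuer name matches but CRL signature does not verify (" + e + ")";
            }
            Date next = crl.getNextUpdate();
            if (next != null && next.before(new Date())) return "CRL present but stale, nextUpdate " + next;
            Set<? extends X509CRLEntry> revoked = crl.getRevokedCertificates(); // null if none
            return "covered, " + (revoked == null ? 0 : revoked.size()) + " revoked serial(s)";
        }
        return "NO CRL from this CA in the file";
    }
}
```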