users@glassfish.java.net

Re: GF v3 - Multiple CA's and 1 CRL

From: Kumar.Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Wed, 27 Oct 2010 21:54:32 +0530

On 21/10/10 11:57 PM, glassfish_at_javadesktop.org wrote:
> Kumar or anyone,
>
> I have ...
>
> 2-way SSL setup with multiple CA's in my trust store (cacerts.jks - including CA from Kumar's example)
> a single CRL from one of the CA's in the trust store (mine)
Do you mean the CRL was also placed in the TrustStore? Or are you just
saying the CRL-File had a single CRL generated by one of the CA's?

regards,
kumar
> Certs from 3 different CA's in the trust model loaded into my browser (one from Kumar's example)
>
> When I present a cert from the CA that also created the CRL everything works. Page displays (even if it shouldn't - another post).
>
> Problem ... When I present a cert from any other CA and they do not have a CRL loaded (see multiple CRL's in another post), the certpath processing seems to loop about 8 times and finally dies on an exception (see below) and the browser shows a "The connection was reset" server too busy error screen.
>
> certpath: CrlRevocationChecker.verifyWithSeparateSigningKey() got exception sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>
> Please note that if I remove CRL processing (delete crl-file attribute from <ssl ... />) all the certs work just fine and the page is displayed.
>
> Any help would be greatly appreciated. (I'll let you write the white paper ;) )
>
> Thanks,
> Eric
> [Message sent by forum member 'eliscinsky']
>
> http://forums.java.net/jive/thread.jspa?messageID=485888