Details
- Bug
- Status: Resolved
- Major
- Resolution: Invalid
- 2.2.0
- None
- None
- linux, windows
Description
We use a certificate on https://www.privasphere.com where the root certificate is part of most standard pre-distributed keystores (CN = QuoVadis Root Certification Authority, OU = Root Certification Authority, O = QuoVadis Limited, C = BM) but the intermediary certificate is not (CN = QV Schweiz ICA, OU = Issuing Certificate Authority, O = QuoVadis Trustlink Schweiz AG, C = CH).
When just using the leaf certificate in the Java keystore with Tomcat and James, both Firefox and Thunderbird complain.
When adding the full certificate chain to the Java keystore, the Tomcat - Firefox combination now works fine, James - Thunderbird doesn't.
AFAIK, Firefox and Thunderbird have identical copies of the trust store and TLS stack, while James uses the legacy Cornerstone/Avalon. Can anyone confirm the problem?
Feel free to test on smtp.privasphere.com:995
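
The situation in the description (root pre-installed on the client, intermediate not) can be reproduced offline with openssl. This is an added example, not part of the original report: the subject names, file names and the helper functions `new_csr`, `build_lab_pki` and `client_accepts` are made up for illustration, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/usr/bin/env bash
# Constructed lab PKI (root -> intermediate -> leaf); every name here is made up.
set -eu

new_csr() {  # new_csr <dir> <name> <CN>: fresh RSA key plus signing request
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_lab_pki() {  # build_lab_pki <dir>
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  new_csr "$d" root 'Lab Root CA'
  new_csr "$d" ica 'Lab Issuing CA'
  new_csr "$d" leaf 'mail.lab.example'
  # Self-signed root: the only certificate the client trusts.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  # Intermediate signed by the root; clients do not have it pre-installed.
  openssl x509 -req -in "$d/ica.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/ica.pem" 2>/dev/null
  # Leaf signed by the intermediate.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ica.pem" -CAkey "$d/ica.key" \
    -CAcreateserial -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
}

# client_accepts <trusted-root> <leaf> [intermediates the server sends along]
client_accepts() {
  if [ $# -ge 3 ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

LAB=$(mktemp -d)
build_lab_pki "$LAB"
if client_accepts "$LAB/root.pem" "$LAB/leaf.pem"; then
  echo "leaf only: accepted"
else
  echo "leaf only: rejected (issuer not found)"
fi
if client_accepts "$LAB/root.pem" "$LAB/leaf.pem" "$LAB/ica.pem"; then
  echo "leaf + intermediate: accepted"
else
  echo "leaf + intermediate: rejected"
fi
```

To see what a live server actually presents, `openssl s_client -connect host:port -showcerts` prints every certificate sent in the handshake.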