[JAMES-695] missing intermediary certificates in keystore ignored - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Invalid
Affects Version/s: 2.2.0
Fix Version/s: None
Component/s: POP3Server
Labels:
None
Environment:
linux, windows

Description

We use a certificate on https://www.privasphere.com where the root certificate is part of most standard pre-distributed keystore (CN = QuoVadis Root Certification Authority
OU = Root Certification Authority
O = QuoVadis Limited
C = BM) but the intermediary certificate is not (CN = QV Schweiz ICA
OU = Issuing Certificate Authority
O = QuoVadis Trustlink Schweiz AG
C = CH).

When just using the leaf certificate to the java keystore with tomcat and james, both firefox and thunderbird complain.

When adding the full certificate chain to the java keystore. The tomcat - firefox combination now works fine, james - thunderbird doesn't.

AFAIK, firefox and thunderbird have the identical copies of the trust store and tls stack, while james uses the legacy cornerstone/avalone. Can anyone confirm the problem?

Feel free to test on smtp.privasphere.com:995

Attachments

Activity

People

Assignee:: Norman Maurer

Reporter:: Ralf Hauser

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 15/Nov/06 12:33

Updated:: 17/Nov/06 09:26

Resolved:: 17/Nov/06 09:26