Re: sslv3 alert certificate unknown in SSL_accept() -> fail

On Sun, 21 May 2017, Anton via Info-cyrus wrote:
> Problem looks like Java app cannot validate new cert. Check ssl_store
> for your Java based mail gate. Are there CA and Intermediate SSL
> Certificates for your new 256ssl cert in mail gate ssl store?

Some Java versions can take https stapling *really* seriously.

You could check if the OCSP URL, and any other URLs inside the
certificate itself are all https...

This is known to be an issue at least on Debian openjdk-7 v121 and
later, and it was rather annoying to track down. I have personally
observed it happen only to IcedTea (old-style browser plugin to run Java
applets), which would refuse to run a signed applet received over https
if the applet-signing certificate has an http OCSP URI, but still...

-- 
  Henrique Holschuh
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
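
The check suggested in the message above, as an added example that is not part of the original thread: it parses the text form of a certificate (the output of `openssl x509 -noout -text`) and lists every URI in the X509v3 extensions whose scheme is not https. The sample dump, the `example.test` host names and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: extensions part of `openssl x509 -noout -text` output
# for a made-up certificate (example.test names are placeholders).
SAMPLE = """\
        X509v3 extensions:
            Authority Information Access:
                OCSP - URI:http://ocsp.example.test
                CA Issuers - URI:https://ca.example.test/ca.crt
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.example.test/ca.crl
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.1
                  CPS: https://example.test/cps
    Signature Algorithm: sha256WithRSAEncryption
"""

URI_RE = re.compile(r"\b(?:URI:|CPS:\s*)(\S+)")

def cert_uris(text_dump):
    """Return (extension name, URI) pairs found in the X509v3 extensions block."""
    pairs, header_indent, current, in_ext = [], None, None, False
    for line in text_dump.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if stripped == "X509v3 extensions:":
            in_ext, header_indent = True, None
        elif not in_ext or not stripped:
            continue
        elif header_indent is not None and indent < header_indent:
            in_ext = False                  # e.g. "Signature Algorithm:" ends the block
        elif header_indent is None or indent == header_indent:
            header_indent = indent          # extension header: "Name:" or "Name: critical"
            current = stripped.rpartition(":")[0]
        else:
            pairs += [(current, m.group(1)) for m in URI_RE.finditer(stripped)]
    return pairs

def non_https_uris(text_dump):
    """Return the (extension, URI) pairs whose URI scheme is not https."""
    return [(ext, uri) for ext, uri in cert_uris(text_dump)
            if urlsplit(uri).scheme.lower() != "https"]

if __name__ == "__main__":
    for ext, uri in non_https_uris(SAMPLE):
        print(f"{ext}: {uri}")
```

To check a real certificate, pass the output of `openssl x509 -in cert.pem -noout -text` to `non_https_uris()` instead of `SAMPLE`.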


