Hi Walter! On Sun, 21 May 2017, Henrique de Moraes Holschuh wrote: > On Sun, 21 May 2017, Walter H. via Info-cyrus wrote: > > On 21.05.2017 17:01, Henrique de Moraes Holschuh wrote: > > >On Sun, 21 May 2017, Anton via Info-cyrus wrote: > > >>Problem looks like java app cannot validate new cert. Check ssl_store > > >>for your java based mail gate. Are there CA and Intermediate SSL > > >>Certificates for your new 256ssl cert in mail gate ssl store? > > >Some java versions can take https stapling *really* seriously. > > > > > >You could check if the OCSP URL, and any other URLs inside the > > >certificate itself are all https... > > these URLs mustn't be https, as these is a never ending certificate > > validating story ... > > Makes sense, but it also means that java is broken... ... it also meas that _THAT_ java (which was complaining about the http OCSP URL) is broken ... Sorry about that that ;-) -- Henrique Holschuh ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
