https://bz.apache.org/bugzilla/show_bug.cgi?id=63524
--- Comment #17 from Mark Thomas <ma...@apache.org> --- There are two separate issues here. The first is that the mechanism we are using to translate keys and certs to a common format internally is stricter than OpenSSL and requires a valid certificate chain. I have a patch that allows fall-back to direct OpenSSL configuration in this case. Alternatively, the issue can be worked-around by installed the cert chain. In this instance it is the "Sectigo RSA DV Bundle" from https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000rfBO The second issue is that the mechanism we are using to translate keys and certificates to a common format doesn't support PKCS#1. Annoyingly, everything we need is in the JRE but in the non-public sun.security.util package. I have a patch to add PKCS#1 support as well. I need to tidy the patches up, fill in the i18n that I skipped over and then I'll be in a position to commit this. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org