https://bz.apache.org/bugzilla/show_bug.cgi?id=67061
--- Comment #2 from Mark Thomas <ma...@apache.org> --- You need to disable OCSP else optionalNoCA will always fail. Nest the following in your SSLHostConfig element in server.xml <OpenSSLConf> <OpenSSLConfCmd name="NO_OCSP_CHECK" value="true"/> </OpenSSLConf> Tomcat Native should probably (just confirming that with a discussion on the dev@ list) do this automatically. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org