| Summary | Orbix SSL connection fails for custom certifcates, but works with demo certificates. |
|---|---|
| Article Number | 36184 |
| Environment | Orbix 6.x All Supported Platforms |
| Question/Problem Description |
Orbix service refuses to accept connections for certificates beyond a chain length of 3. |
| Clarifying Information | Certificate chain lengths include both the root certificate and the signed certificate, therefore with the exception of self signed certs, the minimum length of a chain is two. |
| Error Message | 11:11:11 11/11/2012 [_it_orb_id_1@hostname/123.234.567.89] (IT_IIOP_TLS:13) E - failed server accept() on IPAddressImplBase[inet_address=0.0.0.0/0.0.0.0,port=12340,protocol=TCP] - exception: TLS handshake failed. SSLHandshakeException. java.security.cert.CertificateException: The peer certificate chain of length 5 exceeds that specified by the max chain length policy 3. |
| Defect/Enhancement Number | |
| Cause |
The peer certificate chain of length 5 exceeds that specified by the max chain length policy 3.
|
| Resolution | Increase the max length in the configuration of the ORB accepting the connection: policies:iiop_tls:max_chain_length_policy = "5"; |
| Workaround | |
| Notes | |
| Attachment |
| Created date: | 13 November 2012 |
|---|---|
| Last Modified: | 12 February 2013 |
| Last Published: | 13 November 2012 |
| First Published date: | 13 November 2012 |
#Orbix
#KnowledgeDocs
