Jean-Frederic,
On 9/19/21 03:09, jean-frederic clere wrote:
Hi,
I have some problems with let's encrypt certificates and firefox,
basically I get:
Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
It looks like tomcat and tomcat-native are missing something with my
certificate, the same certificate with with httpd.
The work-around is security.ssl.enable_ocsp_must_staple=false in the
firefox configuration.
Has someone the same problem?
I think it is related to
+++
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
+++
and SSLUseStapling On
Does your certificate have the Must-Staple extension/feature in it? If
the cert has the Must-Staple feature, then the server must provide stapling.
Is it a surprise to you that your cert that this extension enabled? I
think you have to specifically-request Must-Staple when requesting a
cert from LE.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
