On 19/09/2021 15:22, Christopher Schultz wrote:
Jean-Frederic,

On 9/19/21 03:09, jean-frederic clere wrote:
Hi,

I have some problems with Let's Encrypt certificates and Firefox, basically I get:
Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

It looks like tomcat and tomcat-native are missing something with my certificate, the same certificate works with httpd.

The work-around is security.ssl.enable_ocsp_must_staple=false in the firefox configuration.

Does anyone have the same problem?

I think it is related to
+++
              Authority Information Access:
                 OCSP - URI:http://r3.o.lencr.org
                 CA Issuers - URI:http://r3.i.lencr.org/

+++
and SSLUseStapling On

Does your certificate have the Must-Staple extension/feature in it? If the cert has the Must-Staple feature, then the server must provide stapling.

Is it a surprise to you that your cert has this extension enabled? I think you have to specifically request Must-Staple when requesting a cert from LE.

Maybe it is related to the fact that I am using mod_md in Apache httpd and just moved the certificate/key to use the pair in tomcat.

And yes, I have the Must-Staple in the certificate but I don't know why...

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



--
Cheers

Jean-Frederic
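
The Must-Staple flag discussed in this thread is the X.509 TLS Feature extension (OID 1.3.6.1.5.5.7.1.24, RFC 7633) listing `status_request` (5). The following is an added example, not part of the original messages: a minimal DER walker that reports whether a certificate carries that extension. The function names and the skeleton sample data are constructed for illustration.

```python
TLS_FEATURE_OID = bytes.fromhex("2b06010505070118")  # 1.3.6.1.5.5.7.1.24 (RFC 7633)
STATUS_REQUEST = 5  # TLS extension number for OCSP stapling (status_request)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_bytes, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        yield tag, val

def tls_features(cert_der):
    """Return the TLS Feature integers in the certificate (empty list if absent)."""
    _, cert, _ = tlv(cert_der, 0)            # Certificate ::= SEQUENCE
    _, tbs, _ = tlv(cert, 0)                 # tbsCertificate is its first element
    for tag, val in children(tbs):
        if tag != 0xA3:                      # [3] EXPLICIT Extensions
            continue
        _, exts, _ = tlv(val, 0)             # SEQUENCE OF Extension
        for _, ext in children(exts):
            parts = list(children(ext))      # OID, optional critical flag, OCTET STRING
            if parts[0][1] == TLS_FEATURE_OID:
                _, feats, _ = tlv(parts[-1][1], 0)   # SEQUENCE OF INTEGER
                return [int.from_bytes(v, "big") for _, v in children(feats)]
    return []

def must_staple(cert_der):
    return STATUS_REQUEST in tls_features(cert_der)

def der(tag, *parts):
    """Encode one DER element (short-form length only; enough for the sample)."""
    body = b"".join(parts)
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

# Constructed skeletons (not valid certificates): only the fields the walker touches.
EXT = der(0x30, der(0x06, TLS_FEATURE_OID), der(0x04, der(0x30, der(0x02, b"\x05"))))
WITH = der(0x30, der(0x30, der(0x02, b"\x01"), der(0xA3, der(0x30, EXT))))
WITHOUT = der(0x30, der(0x30, der(0x02, b"\x01")))
```

For a real certificate, pass the DER bytes, for example the result of `ssl.PEM_cert_to_DER_cert()` on the PEM file. If `must_staple()` returns true, the server presenting that certificate has to send a stapled OCSP response.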

