Dear Maxim,

On my Ubuntu, FF uses CAs from /etc/ssl/certs/; Chrome seems to use internal CAs.
Can you check with keytool that your keystore contains the full chain (including CA)?

Example:
https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

keytool -list -v -keystore keystore.jks
My certificate chain is Root CA -> Intermediate CA from Let's Encrypt -> RTMPS certificate.

When looking into the keystore, I see only the Intermediate CA -> RTMPS certificate chain. The root CA is not included. Does it need to be present as well to make everything work?

I used these commands on the keystore:
# keytool -importkeystore -srckeystore <tmp>/openmeetings.p12 -srcstoretype PKCS12 -destkeystore /opt/openmeetings/conf/keystore.jmx -alias red5
# keytool -import -keystore /opt/openmeetings/conf/keystore.jmx -trustcacerts -file /etc/letsencrypt/live/openmeetings/chain.pem -alias letsencrypt

When trying to add the root CA I got the message stating that that certificate was already known in the global CA keystore. I force-added it now to test out the effect. The result is the same: Firefox cannot connect. I did not redo my sniffing. I assume it will look similar.

Thank you so far
Christian
