Chris's Wiki :: blog/tech/SSLChainOrder Commentshttps://utcc.utoronto.ca/~cks/space/blog/tech/SSLChainOrder?atomcommentsDWiki2020-03-19T04:26:05ZRecent comments in Chris's Wiki :: blog/tech/SSLChainOrder.By Shane on /blog/tech/SSLChainOrdertag:CSpace:blog/tech/SSLChainOrder:0291c6ccb6c03a476b9b19552e1474df2d9c50f1Shane<div class="wikitext"><p>This was very hard to find, somehow.
this is now 9.5 years old, and still helping people.
I love the internet.
:)</p>
</div>2020-03-19T04:26:05ZFrom 212.58.239.38 on /blog/tech/SSLChainOrdertag:CSpace:blog/tech/SSLChainOrder:5cd90df3072bb79e21a0f349f2354a246ed6c495From 212.58.239.38<div class="wikitext"><p>We had an issue with the ordering of certificates using the Apache CXF library is create SSL connections. The developer had to go back to using the core SSL Java libs to get this to work.</p>
</div>2010-11-16T10:39:24ZFrom 93.191.34.130 on /blog/tech/SSLChainOrdertag:CSpace:blog/tech/SSLChainOrder:2797f916ef8d8b6a5ae54773430a119d41d50e5dFrom 93.191.34.130<div class="wikitext"><p>Nginx is also picky about the order of the certificates in the concatenated file.</p>
<p>Dave.</p>
</div>2010-11-15T08:46:11ZFrom 78.34.145.178 on /blog/tech/SSLChainOrdertag:CSpace:blog/tech/SSLChainOrder:9a6937bae884578f8fc990ef407147a5c9333a56From 78.34.145.178<div class="wikitext"><p>A few notes:</p>
<p>I had Outlook fail because of a very large chain file. (Some 200+ CA Certs by accident)</p>
<p>Android is very picky about the right order of the certificates, every other SMTP/IMAP client seems to handle any order.</p>
<p>Regards, Frank</p>
</div>2010-11-14T11:02:16ZFrom 118.209.42.80 on /blog/tech/SSLChainOrdertag:CSpace:blog/tech/SSLChainOrder:85b354f37af50a5442803f39250d65639d252eb4From 118.209.42.80<div class="wikitext"><p>A giant chain file might not lead to the quickest SSL initialisation ever, which could be a problem for some protocols, eg HTTPS. On the other hand, caring might be pointless until you get to Amazon levels of speed paranoia.</p>
</div>2010-11-14T06:08:41Z