SSLCertificateInstall() doesn't throw underlying exception for error "Could not obtain server certificate chain"

Description

When using SSLCertificateInstall() to install an SSL cert, if there is any issue connecting to the remote server, such as a TLS version not being supported, all you get is this unhelpful message:

I just ran into this with a client who updated their app from java 8 to java 11. I wrote the CFML code in the attached CommandBox Task Runner to find the "real" error which is discarded by Lucee. The real error in this particular case was:

But debugging this was impossible due to Lucee discarding the original exception and not telling me what the issue was.

In the CertificateInstaller class in Lucee, the checkCertificate() method returns any exception that is encountered. When tm.chain is null in the constructor, please wrap the actual exception with the custom message instead of just throwing an empty IOException!

Instead, do something like this:

Environment

None

Attachments

Activity

Zac Spitzer 30 March 2021 at 17:24

https://github.com/lucee/Lucee/commit/5e955c34c49f1df63a697e6a164824e4943d6bb2

Pothys - MitrahSoft 30 March 2021 at 15:25

I've checked this ticket and yes the error message not helpful to know the exact issue. So I added a fix for this ticket.

Pull Request: https://github.com/lucee/Lucee/pull/1258

Resize issue view side panel

Fixed

Details

Assignee

Zac Spitzer

Reporter

Brad Wood

Priority

New

Labels

ssl

Fix versions

6.0.0.73

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Sprint

None

Created 29 March 2021 at 23:31

Updated 27 April 2022 at 16:59

Resolved 14 April 2021 at 18:19