ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

In gateway 10.1 we get the certificate chain length exceeds the maximum allowed length

book

Article ID: 238256

calendar_today

Updated On:

Products

API SECURITY

Issue/Introduction

After upgrading to gateway 10.1 , we are having the following error towards some legacy systems during the tls handshake

The certificate chain length (11) exceeds the maximum allowed length (10)

Environment

Release : 10.1

Component :

Resolution

You can add the following setting to the gateway startup file 

/opt/SecureSpan/Gateway/runtime/etc/profile.d/appliancedefs.sh

add 

NODE_OPTS="$NODE_OPTS  -Djdk.tls.maxCertificateChainLength=15"

and restart the gateway service .