
Need help with wildcard cert

Hi, I installed 2 new chat servers. Both are 4.2.3 on CentOS 7. I installed my wildcard cert (one for each server, different domains). I also added the cert chain to each other’s trust store. I restarted and the certs seem good in the GUI, and the browser indicates a good cert.
However, when I use the Spark client, it will not connect unless I check the “accept all certs” box, and server to server does not work with STARTTLS. I get this error:

Caused by: java.security.cert.CertificateException: java.security.cert.CertPathBuilderException: No issuer certificate for certificate in certification path found.

I know it is saying the cert is not chained up properly, but I do have the chain in the trust store on both servers…

What am I doing wrong?

Thanks for your help in advance!

Identity Store:

You can try using the Spark version without the included Java and install the latest Java 8 on the system. It probably won’t change anything, just a guess as Spark uses Java’s truststore.

You can also try the latest nightly build of Spark 2.9.0 (on the Downloads page). It still has some issues, but it also has certificate management. It should be possible to import the full chain. I just wonder how the latest version handles this.

Hi, to be honest, Spark is not my main concern. I can check the box and it will accept the cert. I am more concerned about the lack of TLS between my 2 chat servers.
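
Added example, not part of the thread: a shell sketch that reproduces, outside Openfire, the kind of failure the `CertPathBuilderException` above describes. It builds a throwaway root, intermediate and wildcard leaf with `openssl` (all names and files are constructed; `openssl` on PATH is assumed) and shows that path building fails when the verifier has the root but not the intermediate, and succeeds once the intermediate is supplied.

```shell
#!/usr/bin/env bash
# Constructed throwaway PKI: Demo Root CA -> Demo Intermediate CA -> wildcard leaf.
# All names and files are made up for this example; requires openssl on PATH.
W=$(mktemp -d)

new_csr() {  # new_csr <name> <subject>: writes $W/<name>.key and $W/<name>.csr
  openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
}

make_chain() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$W/ca.ext"
  new_csr root "/CN=Demo Root CA" &&
  openssl x509 -req -in "$W/root.csr" -signkey "$W/root.key" -days 2 \
    -extfile "$W/ca.ext" -out "$W/root.pem" 2>/dev/null &&
  new_csr int "/CN=Demo Intermediate CA" &&
  openssl x509 -req -in "$W/int.csr" -CA "$W/root.pem" -CAkey "$W/root.key" \
    -set_serial 2 -days 2 -extfile "$W/ca.ext" -out "$W/int.pem" 2>/dev/null &&
  new_csr leaf "/CN=*.chat.example.test" &&
  openssl x509 -req -in "$W/leaf.csr" -CA "$W/int.pem" -CAkey "$W/int.key" \
    -set_serial 3 -days 2 -out "$W/leaf.pem" 2>/dev/null
}

# verify_leaf [intermediate.pem]: the verifier trusts only the root; an
# intermediate is available to it only if passed in explicitly, the way a
# peer would send it along with its own certificate.
verify_leaf() {
  if [ -n "${1:-}" ]; then
    openssl verify -CAfile "$W/root.pem" -untrusted "$1" "$W/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$W/root.pem" "$W/leaf.pem" >/dev/null 2>&1
  fi
}

make_chain || { echo "openssl could not build the demo chain" >&2; exit 1; }
if verify_leaf; then echo "leaf alone: path built"; else echo "leaf alone: no issuer found"; fi
if verify_leaf "$W/int.pem"; then echo "leaf + intermediate: path built"; else echo "leaf + intermediate: failed"; fi
```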