Zap Certificate Chain Length Error

abhinav c

unread,

Feb 24, 2021, 2:48:47 AM2/24/21

to OWASP ZAP User Group

Hello,

I am running into below error, can some one help?

ERROR org.zaproxy.zap.spider.SpiderTask - An error occurred while fetching the resource [https://xxxx.com/]: The certificate chain length (11) exceeds the maximum allowed length (10)

javax.net.ssl.SSLProtocolException: The certificate chain length (11) exceeds the maximum allowed length (10)

or can you tell me how to set jvm argument -Djdk.tls.maxCertificateChainLength=15

I am running zap container to scan my website

Thanks

thc...@gmail.com

unread,

Feb 24, 2021, 11:41:59 AM2/24/21

to zaprox...@googlegroups.com

Hi.

Refer to:
https://www.zaproxy.org/docs/desktop/ui/dialogs/options/jvm/

Best regards.

abhinav c

unread,

Feb 24, 2021, 2:46:57 PM2/24/21

to OWASP ZAP User Group

I have that arg but still doesn't work, any other options to try?

kingthorin+owaspzap

unread,

Feb 25, 2021, 11:19:50 AM2/25/21

to OWASP ZAP User Group

Is OpenSSL able to connect to the target?

https://www.openssl.org/docs/man1.0.2/man1/openssl-s_client.html

As far as I know OpenSSL's default is also 10.

Does the target actually exceed 10 or is it sending a bunch of certificates for some reason?

abhinav c

unread,

Feb 25, 2021, 2:01:53 PM2/25/21

to OWASP ZAP User Group

I tried and I am able to connect to the target and i see the certificate chain length as 10, any idea on how to check how many certificates is being sent?

Reply all

Reply to author

Forward