Page MenuHome GnuPG

GPGSM: Chain too long on cross signed certificate
Open, NormalPublic


Attached is a certificate that made Kleopatra crash (related issue) but it also
causes GPGSM to fail when it is used as a recipient with:

gpgsm: certificate chain too long

gpgsm: can't encrypt to '': Bad certificate chain

The likely cause for it is that it has a cyclic issuer chain where:

The Comodo CA certificate is signed by AddTrust External CA Root, which itself
is cross signed by UTN - DATACorp SGC, meaning UTN - DATACorp SGC is itself
again signed by AddTrust.


External Link