
How to add multiple CA to truststore

 
Sudhindra Bhargav
Greenhorn
Posts: 5
I followed the following tutorial to implement two way SSL authentication:
http://virgo47.wordpress.com/2010/08/23/tomcat-web-application-with-ssl-client-certificates/

Structure on server:
cacerts.jks has my_ca as trusted certificate entry
keystore.jks has server as Key Pair entry

Browser:
Has Client.cer generated by my CA installed in it

If I access the app URL, the browser now pops up my 'Client' certificate to use. I click on the cert and click OK, and the webpage is displayed.

Now I have an actual ProductionCertificate MyProdCer
Chain is: MyProdCer -> IssuerCA -> IntermediateCA-> RootCA

I have updated cacerts.jks on server to contain IssuerCA, IntermediateCA & RootCA certs along with the original my_ca
The browser now pops up two options 1. 'Client' cert & 2. 'MyProdCer'
If I select 1. Client cer then it works as usual, no problem

However, if I select 2. 'MyProdCer' then the browser displays

What am I missing, please advise.

Thanks.
 
K. Gil
Ranch Hand
Posts: 75
Are both 'Client' cert & 'MyProdCer' within the same domain? Is any of these a wildcard?
 
Sudhindra Bhargav
Greenhorn
Posts: 5
Client.cer was issued on local host using MyCA created locally using the tutorial.
This is just for test purpose.

MyProdCer is an actual certificate issued by Federal government CA.
These are the actual certificates that I will be dealing with in production.

Appreciate the response.
 