How to add multiple CA to truststore

Sudhindra Bhargav

Joined: Sep 30, 2002
Posts: 3
I followed the following tutorial to implement two-way SSL authentication:

Structure on server:
cacerts.jks has my_ca as trusted certificate entry
keystore.jks has server as Key Pair entry

Has Client.cer generated by my CA installed in it

If I access the app url, browser now pops my 'Client' certificate to use & I click on cert & click OK, the webpage is displayed.

Now I have an actual ProductionCertificate MyProdCer
Chain is: MyProdCer -> IssuerCA -> IntermediateCA-> RootCA

I have updated cacerts.jks on server to contain IssuerCA, IntermediateCA & RootCA certs along with the original my_ca
The browser now pops up two options 1. 'Client' cert & 2. 'MyProdCer'
If I select 1. Client cer then it works as usual, no problem

However, if I select 2. 'MyProdCer' then browser displays

What am I missing, please advise.

K. Gil
Ranch Hand

Joined: Apr 29, 2011
Posts: 75

Are both 'Client' cert & 'MyProdCer' within the same domain? Is any of these a wildcard?
Sudhindra Bhargav

Joined: Sep 30, 2002
Posts: 3
Client.cer was issued on local host using MyCA created locally using the tutorial.
This is just for test purpose.

MyProdCer is an actual certificate issued by Federal government CA.
This is the actual certificates that I will be dealing in production.

Appreciate the response.
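
One way to check the setup described in this thread, as an added example that is not part of any post: load the server truststore, list its trusted entries, and try to build a PKIX path from the production client certificate to one of them. The class name, the default password `changeit` and the exported file `MyProdCer.cer` are assumptions; `cacerts.jks` is the truststore named above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added example: does a client certificate chain to a trusted entry in the
// server truststore? Paths and password below are assumptions.
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        String storePath = args.length > 0 ? args[0] : "cacerts.jks";    // truststore from the thread
        char[] storePass = (args.length > 1 ? args[1] : "changeit").toCharArray(); // assumed
        String certPath = args.length > 2 ? args[2] : "MyProdCer.cer";   // assumed export of the client cert

        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(storePath)) {
            ts.load(in, storePass);
        }
        // Only trustedCertEntry aliases can act as trust anchors; list them.
        List<X509Certificate> storeCerts = new ArrayList<>();
        for (String alias : Collections.list(ts.aliases())) {
            if (ts.isCertificateEntry(alias)) {
                X509Certificate c = (X509Certificate) ts.getCertificate(alias);
                storeCerts.add(c);
                System.out.println("trusted: " + alias + " -> " + c.getSubjectX500Principal());
            }
        }
        X509Certificate client;
        try (InputStream in = new FileInputStream(certPath)) {
            client = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        System.out.println("client issuer: " + client.getIssuerX500Principal());
        // Build a path from the client cert to any anchor in the truststore;
        // the store's own certificates are also offered as intermediates.
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(client);
        PKIXBuilderParameters params = new PKIXBuilderParameters(ts, target);
        params.setRevocationEnabled(false); // revocation checking is out of scope here
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(storeCerts)));
        try {
            PKIXCertPathBuilderResult r = (PKIXCertPathBuilderResult)
                    CertPathBuilder.getInstance("PKIX").build(params);
            System.out.println("chain OK, anchored at: "
                    + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathBuilderException e) {
            System.out.println("no trusted path: " + e.getMessage());
        }
    }
}
```

If the program prints "no trusted path", compare the "client issuer" line with the listed "trusted" subjects to see which CA in the chain is missing or mismatched.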