How to add multiple CA to truststore

Sudhindra Bhargav
Greenhorn

Joined: Sep 30, 2002
Posts: 3
I followed the following tutorial to implement two way SSL authentication:
http://virgo47.wordpress.com/2010/08/23/tomcat-web-application-with-ssl-client-certificates/

Structure on server:
cacerts.jks has my_ca as trusted certificate entry
keystore.jks has server as Key Pair entry

Browser:
Has Client.cer generated by my CA installed in it

If I access the app url, browser now pops my 'Client' certificate to use & I click on cert & click OK, the webpage is displayed.

Now I have an actual ProductionCertificate MyProdCer
Chain is: MyProdCer -> IssuerCA -> IntermediateCA-> RootCA

I have updated cacerts.jks on server to contain IssuerCA, IntermediateCA & RootCA certs along with the original my_ca
The browser now pops up two options 1. 'Client' cert & 2. 'MyProdCer'
If I select 1. Client cer then it works as usual, no problem

However, if I select 2. 'MyProdCer' then browser displays

What am I missing, please advise.

Thanks.
K. Gil
Ranch Hand

Joined: Apr 29, 2011
Posts: 75

Are both 'Client' cert & 'MyProdCer' within the same domain? Is any of these a wildcard?
Sudhindra Bhargav
Greenhorn

Joined: Sep 30, 2002
Posts: 3
Client.cer was issued on local host using MyCA created locally using the tutorial.
This is just for test purpose.

MyProdCer is an actual certificate issued by Federal government CA.
These are the actual certificates that I will be dealing with in production.

Appreciate the response.
 