I followed the following tutorial to implement two-way SSL authentication:
http://virgo47.wordpress.com/2010/08/23/tomcat-web-application-with-ssl-client-certificates/
Structure on server:
cacerts.jks has my_ca as trusted certificate entry
keystore.jks has sercer as Key Pair entry
Browser:
Has Client.cer generated by my CA installed in it
If I access the app URL, the browser now pops up my 'Client' certificate to use. I click on the cert and click OK, and the webpage is displayed.
Now I have an actual ProductionCertificate, MyProdCer.
Chain is:
MyProdCer -> IssuerCA -> IntermediateCA -> RootCA
I have updated cacerts.jks on the server to contain the IssuerCA, IntermediateCA & RootCA certs along with the original my_ca.
The browser now pops up two options: 1. 'Client' cert & 2. 'MyProdCer'
If I select 1. Client cer then it works as usual, no problem.
However if I select 2. 'MyProdCer' then the browser displays
What am I missing, please advise.
Thanks.