Structure on server:
cacerts.jks has my_ca as trusted certificate entry
keystore.jks has sercer as Key Pair entry
Has Client.cer generated by my CA installed in it
If I access the app url, browser now pops my 'Client' certificate to use & I click on cert & click OK, the webpage is displayed.
Now I have an actual ProductionCertificate MyProdCer Chain is: MyProdCer -> IssuerCA -> IntermediateCA-> RootCA
I have updated cacerts.jks on server to contain IssuerCA, IntermediateCA & RootCA certs along with the original my_ca
The browser now pops up two options 1. 'Client' cert & 2. 'MyProdCer'
If I select 1. Client cer then it works as usual, no problem
However if i select 2. 'MyProdCer' then browser displays