
How to add multiple CA to truststore

Posts: 5
I followed the following tutorial to implement two way SSL authentication:

Structure on server:
cacerts.jks has my_ca as trusted certificate entry
keystore.jks has server as Key Pair entry

Has Client.cer generated by my CA installed in it

If I access the app url, browser now pops my 'Client' certificate to use & I click on cert & click OK, the webpage is displayed.

Now I have an actual ProductionCertificate MyProdCer
Chain is: MyProdCer -> IssuerCA -> IntermediateCA-> RootCA

I have updated cacerts.jks on server to contain IssuerCA, IntermediateCA & RootCA certs along with the original my_ca
The browser now pops up two options 1. 'Client' cert & 2. 'MyProdCer'
If I select 1. Client cer then it works as usual, no problem

However if I select 2. 'MyProdCer' then browser displays

What am I missing, please advise.

Ranch Hand
Posts: 75
Are both 'Client' cert & 'MyProdCer' within the same domain? Is any of these a wildcard?
Sudhindra Bhargav
Posts: 5
Client.cer was issued on local host using MyCA created locally using the tutorial.
This is just for test purpose.

MyProdCer is an actual certificate issued by Federal government CA.
These are the actual certificates that I will be dealing with in production.

Appreciate the response.
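
One way to check the truststore setup described in this thread, added here as an example and not posted by any participant: it lists the trusted entries in the server's truststore and tests whether a client certificate builds a PKIX path to one of them. The class name, the argument order and the file name client-chain.pem are assumptions; the certificate file holds the client certificate first, followed by any chain certificates the browser would send.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Usage (hypothetical file names): java TrustStoreCheck cacerts.jks <storepass> client-chain.pem
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            trust.load(in, args[1].toCharArray());
        }
        // 1. Show what the server will actually treat as trust anchors.
        for (String alias : Collections.list(trust.aliases())) {
            if (!trust.isCertificateEntry(alias)) continue; // skip key-pair entries
            X509Certificate ca = (X509Certificate) trust.getCertificate(alias);
            System.out.printf("%s%n  subject=%s%n  issuer=%s%n  notAfter=%s%n", alias,
                    ca.getSubjectX500Principal(), ca.getIssuerX500Principal(), ca.getNotAfter());
        }
        // 2. Load the client certificate (first in the file) plus any chain certs after it.
        List<Certificate> presented = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[2])) {
            presented.addAll(CertificateFactory.getInstance("X.509").generateCertificates(in));
        }
        X509CertSelector target = new X509CertSelector();
        target.setCertificate((X509Certificate) presented.get(0));
        // 3. Try to build a path from the client certificate to any trusted entry.
        PKIXBuilderParameters params = new PKIXBuilderParameters(trust, target);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(presented)));
        params.setRevocationEnabled(false); // chain building only; no CRL/OCSP lookup here
        try {
            PKIXCertPathBuilderResult ok = (PKIXCertPathBuilderResult)
                    CertPathBuilder.getInstance("PKIX").build(params);
            System.out.println("Chains to: "
                    + ok.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathBuilderException e) {
            System.out.println("No valid path to a trusted CA: " + e.getMessage());
        }
    }
}
```

Every trusted certificate entry in the store counts as a trust anchor here, so a path can end at IssuerCA or IntermediateCA as well as at RootCA. A failure at step 3 points at a missing, expired or mismatched CA entry rather than at the TLS connector configuration.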