[jboss-user] [PKI concepts] Why Jboss need (signed cert and) root-cert in PEM format?

[Sven Aluoor]

Hi folks

We have here a Jboss app and web server. We signed the SSL-certificate
that end-user don't have ugly error messages. I don't understand why
we need to import the Root-Cert in PEM format?

$ keytool -import -trustcacerts -file rootcert.pem -keystore
myserver.keystore -alias root

The Root-Cert is in web browser, why there is a must to import in keystore?

Did I misunderstood PKI basics?

cheers Sven