Dear all,
I'm experiencing difficulties getting JBoss to present the trust chain
to the client.
The server certificate is signed by an intermediate CA and the
intermediate CA has a certificate signed by the root CA.
I imported these certificates into the keystore using keytool. A keytool
-list shows these. However, after reviewing a number of tutorials and
HOWTOs on the net, it still remains unclear what alias one has to
specify. The certificate of the website has the alias tomcat that is
also used in the JBoss configuration.
The tutorials suggest numerous alias values for the certificates -- but
not the same as the alias of the site cert.
When I run openssl against the JBoss installation
openssl s_client -connect www.xyz123abc.com:8443
I get the result:
Certificate chain
0 s:....
So the certificate chain contains only one certificate, the certificate
of the site.
Inspecting the keystore again -- this time using keytool -list -v --
reveals something strange:
[..]
Alias name: tomcat
Creation date: Jul 1, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
[..]
Shouldn't the certificate chain length be greater than 1???
So I'm wondering if one has to store the certificates of the trust chain
under the same alias. And if yes, how can I achieve this?
Thanks in advance
Christoph
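
The following is an added example, not part of the original post: a small shell check that puts the two observations above side by side, the number of certificates the server sends (from `openssl s_client` output) and the chain length stored with the key entry (from `keytool -list -v` output). The sample inputs, the `intermediate` alias, the `www.example.test` names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample inputs modelled on the output quoted in the post.
SAMPLE_S_CLIENT='CONNECTED(00000003)
---
Certificate chain
 0 s:/C=DE/O=Example/CN=www.example.test
   i:/C=DE/O=Example/CN=Example Intermediate CA
---
Server certificate'

SAMPLE_KEYTOOL='Alias name: intermediate
Creation date: Jul 1, 2011
Entry type: trustedCertEntry

Alias name: tomcat
Creation date: Jul 1, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:'

# Count the certificates in the "Certificate chain" section of s_client output (stdin).
sent_chain_depth() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && /^---/         { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/ { n++ }
        END                        { print n + 0 }
    '
}

# Print the chain length stored for alias $1 in `keytool -list -v` output (stdin).
# Prints 0 when the alias is missing or is not a key entry.
keystore_chain_length() {
    awk -v alias="$1" '
        /^Alias name: / { current = substr($0, 13) }
        /^Certificate chain length: / && current == alias { print $NF; found = 1; exit }
        END { if (!found) print 0 }
    '
}

# $1 = s_client text, $2 = keytool text, $3 = alias of the server key entry.
diagnose() {
    sent=$(printf '%s\n' "$1" | sent_chain_depth)
    stored=$(printf '%s\n' "$2" | keystore_chain_length "$3")
    if [ "$sent" -le 1 ] && [ "$stored" -le 1 ]; then verdict=leaf-only; else verdict=chain; fi
    echo "$verdict stored=$stored sent=$sent"
}

diagnose "$SAMPLE_S_CLIENT" "$SAMPLE_KEYTOOL" tomcat
```

Against a live system the same functions can be fed from `openssl s_client -connect host:port </dev/null` and `keytool -list -v -keystore <file>`.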