Is it sufficient to add the root certificate of the CA signing authority to the trustore or shoule I add the entire client certificate to the truststore? My JBoss AS has a CA signed SSL certificate and web applications work fine over SSL. I woudl like to ensure that a client that calls the web application has a certificate signed by a CA authority. These clients happen to be web applications that connect from remote JBoss servers that are configured to work over SSL with either self-signed or CA verified certificates.
I can configure the server.xml with clientAuth=true and define a trustore. I am just unsure about the certificates that I must import into the trustore.