I have a problem getting Jboss to present a chain of certificates to a client. The situation is this: the server has a certificate signed by an intermediate (subsidiary) CA, and the subsidiary CA has a certificate signed by a root CA. I have installed all three certificates into the keystore using keytool (keytool -list shows them): - the server certificate - the intermediate certificate - the root certificate each with a different alias. However, when an TLS client connects, only the server certificate is presented to the client. This can be demonstrated using openssl s_client -connect x.x.x.x:443 Since the client has only the root certificate, it cannot verify the server certificate. Now, the server should be presenting the intermediate certificate as well. I can make this work in Tomcat behind Apache (you can either concatenate multiple PEM files together, or use the SSLCertificateChainFile directive), but I can't see what to do with Jboss. This is Jboss 4.3.2ga, and here's the relevant bit of server.xml: <!-- Define a SSL HTTP/1.1 Connector on port 443 --> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" strategy="ms" secure="true" SSLEngine="on" clientAuth="false" sslProtocol="TLS" SSLCertificateFile="${jboss.server.home.dir}/conf/server-cert.pem" SSLCertificateKeyFile="${jboss.server.home.dir}/conf/server-key.pem" SSLCACertificateFile="${jboss.server.home.dir}/conf/ca-chain.pem" keystoreFile="${jboss.server.home.dir}/conf/server.keystore" keystorePass="XXXXXXXX" truststoreFile="${jboss.server.home.dir}/conf/server.truststore" truststorePass="YYYYYYYY" /> I'm not actually sure if the SSLCertificateFile/KeyFile/CACertificateFile do anything, but they're in a configuration I inherited. Certainly the keystoreFile directive is active, because if I give the wrong keystorePass then I'm told that the keystore file is not readable. I also tried putting the certificates into server.truststore, but this doesn't seem to make a difference. Any help much appreciated. Thanks, Brian Candler.