[ https://issues.jboss.org/browse/JBIDE-24312?page=com.atlassian.jira.plugi... ] Andre Dietisheim commented on JBIDE-24312: ------------------------------------------ the culprit why the certificates are not found is at SSLCertificatesPreference.Item.issuedBy The parser (at {code} X509CertificateParser.getIssuer(X509Certificate certificate) {code} is using a whole block of certificate informations that contains the serial number. In the case of the internal *redhat.com test instance this is what gets used: {code} Country (C): US State (ST): North Carolina Serial Number: 52616C65696768Organization (O): Red Hat, Inc. Organizational Unit (OU): Information Technology Common Name (CN): open.paas.redhat.com Serial Number: 5B42403732636266343933 {code} The serial number sent by the server is always a new "random" number. This causes our lookup for existing accepted (and stored) certificates to always think we have a new certificate (prior certificates match in fingerPrint, validity but not in issuedBy. {code:title=Item#equals} @Override public boolean equals(Object o) { if(!(o instanceof Item)) return false; Item other = (Item)o; return Objects.equals(this.issuedBy, other.issuedBy) && Objects.equals(this.validity, other.validity) && Objects.equals(this.fingerprint, other.fingerprint); } -- This message was sent by Atlassian JIRA (v7.2.3#72005)