[jboss-user] Presenting certificate chain with subsidiary CA certificate

Brian Candler brian.candler at ingg.com
Tue Jan 26 08:08:09 EST 2010

On Mon, Jan 25, 2010 at 10:19:26PM +0000, Brian Candler wrote:
> I have a problem getting Jboss to present a chain of certificates to a
> client.
> The situation is this: the server has a certificate signed by an
> intermediate (subsidiary) CA, and the subsidiary CA has a certificate signed
> by a root CA.

For the benefit of the list: I have solved this problem now. The trick is to
import all the certificates at once under the same alias. Concatenate the
PEM files into a single file, then import this combined file in one go:

keytool -import -noprompt -trustcacerts -alias "xxxx" \
  -file allcerts.pem -keystore server.keystore -storepass "yyyy"

The clue I got was from "keytool -list -v" which showed "certificate chain
length" as an attribute of the entry.



More information about the jboss-user mailing list