[jboss-user] Presenting certificate chain with subsidiary CA certificate
Brian Candler
brian.candler at ingg.com
Tue Jan 26 08:08:09 EST 2010
On Mon, Jan 25, 2010 at 10:19:26PM +0000, Brian Candler wrote:
> I have a problem getting Jboss to present a chain of certificates to a
> client.
>
> The situation is this: the server has a certificate signed by an
> intermediate (subsidiary) CA, and the subsidiary CA has a certificate signed
> by a root CA.
For the benefit of the list: I have solved this problem now. The trick is to
import all the certificates at once under the same alias. Concatenate the
PEM files into a single file, then import this combined file in one go:
keytool -import -noprompt -trustcacerts -alias "xxxx" \
-file allcerts.pem -keystore server.keystore -storepass "yyyy"
The clue I got was from "keytool -list -v" which showed "certificate chain
length" as an attribute of the entry.
Regards,
Brian.
More information about the jboss-user
mailing list