HTTPS connector with client authentication using JSSE seems to have a bug.
Here is the snippet code from domain.xml:
...
<connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" secure="true">
<ssl name="myssl"
key-alias="myalias"
password="xxxxxxxx"
certificate-key-file="/path/to/keystore.jks"
verify-client="true"
ca-certificate-file="/path/to/truststore.jks"/>
</connector>
...
It seems to ignore the attribute ca-certificate-file and custom truststore.jks. It loads only the CAs in $JAVA_HOME/jre/lib/security/cacerts.
Any ideas?
Regards