Dear all,
I'm experiencing difficulties getting JBoss/Tomcat to present the trust chain to the client.
The server certificate is signed by an intermediate CA and the intermediate CA has a certificate signed by the root CA.
I imported these certificates into the keystore using keytool. A keytool -list shows these. However, after reviewing a number of tutorials and HOWTOs on the net, it still remains unclear what alias one has to specify. The certificate of the website has the alias tomcat that is also used in the JBoss configuration.
The tutorials suggest numerous alias values for the certificates -- but not the same as the alias of the site cert.
When I run openssl against the JBoss installation:
openssl s_client -connect www.xyz123abc.com:8443
I get the result:
Certificate chain
0 s:....
So the certificate chain contains only one certificate, the certificate of the site.
Inspecting the keystore again -- this time using keytool -list -v -- reveals something strange:
[..]
Alias name: tomcat
Creation date: Jul 1, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
[..]
Shouldn't the certificate chain length be greater than 1???
So I'm wondering if one has to store the certificates of the trust chain under the same alias. And if yes, how can I achieve this?
Thanks in advance
Christoph
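
The symptom in the post above (a PrivateKeyEntry with chain length 1 for a CA-issued certificate) can be checked mechanically. This is an added example, not part of the original post: a shell function that reads `keytool -list -v` output and reports such aliases. The function name, the sample listing and every name in it are constructed, and keytool's English output format is assumed.

```shell
#!/bin/sh
# Added example. Assumes keytool's English (unlocalized) output format.
# Real use (keystore path is a placeholder):
#   keytool -list -v -keystore /path/to/keystore | incomplete_chain_aliases

# Constructed sample listing, shaped like `keytool -list -v` output.
sample_keystore_listing() {
cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test, O=Example
Issuer: CN=Example Intermediate CA, O=Example
*******************************************
Alias name: intermediate
Entry type: trustedCertEntry

Owner: CN=Example Intermediate CA, O=Example
Issuer: CN=Example Root CA, O=Example
*******************************************
Alias name: selfsigned
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost
Issuer: CN=localhost
EOF
}

# Print every key entry whose stored chain has length 1 although its
# certificate was issued by a different subject (Owner != Issuer).
# The server can only send what is stored with the key entry, so CA
# certificates kept under other aliases do not reach the client.
incomplete_chain_aliases() {
  awk '
    /^Alias name: /  { alias = substr($0, 13); type = ""; len = 0; owner = ""; seen = 0 }
    /^Entry type: /  { type = substr($0, 13) }
    /^Certificate chain length: / { len = $NF + 0 }
    /^Owner: /  && !seen { owner = substr($0, 8) }
    /^Issuer: / && !seen {
      seen = 1   # only the first (leaf) certificate of each entry matters
      if (type == "PrivateKeyEntry" && len == 1 && substr($0, 9) != owner)
        print alias
    }
  '
}

sample_keystore_listing | incomplete_chain_aliases
```

On the constructed sample only `tomcat` is reported: the self-signed key entry and the trustedCertEntry are not flagged.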