Is it sufficient to add the root certificate of the CA signing authority to the trustore or shoule I add the entire client certificate to the truststore?  My JBoss AS has a CA signed SSL certificate and web applications work fine over SSL.  I woudl like to ensure that a client that calls the web application has a certificate signed by a CA authority.  These clients happen to be web applications that connect from remote JBoss servers that are configured to work over SSL with either self-signed or CA verified certificates.

I can configure the server.xml with clientAuth=true and define a trustore.  I am just unsure about the certificates that I must import into the trustore.