0 Replies Latest reply on Aug 27, 2011 4:44 PM by Christoph Lechner

    JBoss/Tomcat: trust chain difficulties

    Christoph Lechner Newbie

      Dear all,

       

      I'm experiencing difficulties getting JBoss/Tomcat to present the trust chain to the client.

       

      The server certificate is signed by an intermediate CA and the intermediate CA has a certificate signed by the root CA.

      I imported these certificates into the keystore using keytool. A keytool -list shows these. However, after reviewing a number of tutorials and HOWTOs on the net, it still remains unclear what alias one has to specify. The certificate of the website has the alias tomcat that is also used in the JBoss configuration.

      The tutorials suggest numerous alias -- but not the same as the alias of the site cert -- values for the certificates.

       

      When I run openssl against the JBoss installation

      openssl s_client -connect www.xyz123abc.com:8443

      I get the result:

      Certificate chain

      0 s:....

       

      So the certificate chain contains only one certificate, the certificate of the site.

       

      Inspecting the keystore again -- this time using keytool -list -v -- reveals something strange:

       

      [..]

      Alias name: tomcat

      Creation date: Jul 1, 2011

      Entry type: PrivateKeyEntry

      Certificate chain length: 1

      Certificate[1]:

      [..]

       

      Shouldn't the certificate chain length be greater than 1???

       

      So I'm wondering if one has to store the certificates of the trust chain under the same alias. And if yes, how can I achieve this.

       

      Thanks in advance

         Christoph