Sven Aluoor
2010-Jan-21 15:01 UTC
[CentOS] [PKI concepts] Why Jboss need (signed cert and) root-cert in PEM format?
Hi folks [ Please add me CC. Thanks ] We have here a Jboss app and web server. We signed the SSL-certificate that end-user don't have ugly error messages. I don't understand why we need to import the Root-Cert in PEM format? $ keytool -import -trustcacerts -file rootcert.pem -keystore myserver.keystore -alias root The Root-Cert is in web browser, why there is a must to import in keystore? Did I misunderstood PKI basics? cheers Sven
R P Herrold
2010-Jan-21 16:34 UTC
[CentOS] [PKI concepts] Why Jboss need (signed cert and) root-cert in PEM format?
On Thu, 21 Jan 2010, Sven Aluoor wrote:> Hi folks > > [ Please add me CC. Thanks ]so .. a 'not subscribed' driveby -- also looks to be a cross-post> We have here a Jboss app and web server. We signed the SSL-certificateon a product we do not build> that end-user don't have ugly error messages. I don't understand why> The Root-Cert is in web browser, why there is a must to import in keystore? > > Did I misunderstood PKI basics?and not willing to read about PKI as that certificate store is not relevant for all purposes. Perhaps the price of CentOS' comptence is that random questions end up here. my $0.02 -- Russ herrold