44+ Certificate Chain Ssl Gif. To add certificate chain to keystore use the ca to create signed certificates in a java keystore. For an ssl certificate to be trusted, that certificate must have been issued by a ca that's included in the trusted store of the device that's connecting.
Verifying A Certificate Chain Sun Directory Server Enterprise Edition 7 0 Reference from docs.oracle.com
For an ssl certificate to be trusted, that certificate must have been issued by a ca that's included in the trusted store of the device that's connecting. Has a nice graphical example of this which may help you. Failure to install the correct chain can cause certificate errors in browsers, driving visitors away from your site.
The truststore needs to contain the complete certificate chain of the remote server.
Did you know that when you install an ssl certificate, you have to install not only your site's certificate, but also one or more intermediate (a.k.a. When we open ssl certificate from desktop, we don't see issuer certificate, because it is not available outside of ssl context. But certificate authorities usually don't use their root certificate to sign customer certificates. To avoid such warnings, a server should always send a complete trust chain.
