I am using SOA 11g on top of Weblogic 10.3.6 (Oracle JDK7). We are having external https webservice calls. We are using truststore with below command.
-Djavax.net.ssl.trustStore=/u01/apptest/cert/pi-truststore.jks
For one of the client we are calling https://clientname.ae from our composite. Certificate for clientname.ae is expiring and since we have server certificate for clientname.ae we will be adding renewed certificate as well in our truststore.
I need to know in such scenarios is it required to delete old certificate after updating renewed certificate. Is there a possibility java may try to use old certificate and ssl connection may fail. What is the algorithm used here by Java. Will it check all the certificate from the keystore or it will stop after finding first certificate with same cn and will stop there even if the certificate is expired.