What CA cert are accepted by each JRE?
Hello,
I have 3 questions regarding https connections and their certificates.
I have an https server where a lot of java clients connects to. Every year we are updating the certificate on the server side and then we also have to update the keystore on client side. This is a big job and I would like to supress it if possible.
The serveur certificate is issued by "CN = Thawte SGC CA, O = Thawte Consulting (Pty) Ltd, C = ZA"
My questions are the following:
1) Why do I have to import the certificate (on the client side) in keystore to be able to connect? I though that if I would buy a certificate from a trusted CA I would not have to do this.
2) As we have different JRE installed for each client PC. Where can I get the list of trusted CA for each JRE version?
3) If we provide a keystore to java while creating the https connection. Does it first check in the JRE trusted CA list and then the keystore or does it just use the keystore.
I did a lot of searches on internet and did not found answer to these questions.
Thanks in advance for you rreplies.
Remi.