I am using a webservice from a remote server over SSL.
The remote server has a Tomcat FE. We had Verisign sign the remote server certificate and the certificate chain is:
o:remote.server.com i:VeriSign Class 3 Secure Server CA - G3 i:VeriSign Class 3 Public Primary Certification Authority - G5
We added this certificate to Tomcat's keystore and also added Verisign's intermediate certificate, which is:
o:VeriSign Class 3 Public Primary Certification Authority - G5 i:Class 3 Public Primary Certification Authority
When I invoke the webservice from my server I get an SSL handshake exception:
No trusted certificate found
On my server's JVM cacerts I have "Class 3 Public Primary Certification Authority" but don't have the "VeriSign Class 3 Public Primary Certification Authority - G5" certificate.
If I add the "VeriSign Class 3 Public Primary Certification Authority - G5" certificate to the JVM then I stop getting the exception. However, it is my understanding that Tomcat should chain the certificates so that when my server gets the remote certificate it will see "Class 3 Public Primary Certification Authority" as the root authority.
Why isn't this happening here?