I have a Java 1.6 client, running on JBoss 6, which is required to make an SSL connection to an LDAP server.
The first time the Java client makes a secure LDAP connection to the LDAP server, the server will send a certificate to the client. Once the client receives the certificate, it has to validate whether the certificate is signed by a trusted CA. If it is, the client accepts and saves the certificate in a keystore, so the certificate can be used later on.
As far as I know, most web browsers that support SSL have a list of CAs whose certificates they will automatically accept. If a browser encounters a certificate whose authorizing CA is in the list, the browser will automatically accept the certificate and establish an SSL connection to the site. Can I borrow this idea and implement it in the Java world? If so, I don't need to manually import a new certificate into the client each time there is an update to the server certificate while the client is in production.
You don't need to 'borrow' anything other than the JBoss "truststore". The certificates for all the major CAs should already be in the JBoss truststore so this should just be a JBoss configuration issue. I don't know where the JBoss truststore is located or how one specifies the 'truststore' to use when making an SSL client connection from within JBoss but I would expect the JBoss documentation will tell you. If not then one of the JBoss newsgroups will be your best bet.
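The following example, added here and not taken from the question or answer above, shows what the answer describes in working Java 1.6-compatible code: the JVM already ships a truststore (`cacerts`) full of public CA certificates, and a JNDI LDAPS connection is validated against it with no per-certificate import. The hostname, bind DN and password are placeholders; the `cacerts` location and the default password `changeit` are the standard JDK defaults and may differ in a hardened deployment. Passing a second argument switches JSSE to a custom truststore through the same `javax.net.ssl.trustStore` system properties that can be set on the JBoss JVM command line.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapsTrustDemo {

    // Default JRE truststore location (assumption: standard JRE layout; adjust for your JDK).
    private static final String DEFAULT_TRUSTSTORE =
            System.getProperty("java.home") + "/lib/security/cacerts";

    // Lists the CA certificates the JVM trusts out of the box and returns how many there are.
    // "changeit" is the JDK's shipped default password; a locked-down install may have changed it.
    static int countTrustedCAs(String path, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(path);
        try {
            ts.load(in, password);
        } finally {
            in.close();
        }
        int n = 0;
        Enumeration<String> aliases = ts.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (ts.isCertificateEntry(alias)) {
                X509Certificate c = (X509Certificate) ts.getCertificate(alias);
                System.out.println(alias + " -> " + c.getSubjectX500Principal());
                n++;
            }
        }
        return n;
    }

    // Opens an LDAPS connection through JNDI. The JSSE trust manager validates the server's
    // certificate chain against the truststore during the handshake; a certificate issued by a
    // CA already present in cacerts needs no manual import, even after the server renews it.
    static DirContext connectLdaps(String url, String bindDn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>(); // no diamond on Java 1.6
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);              // e.g. ldaps://ldap.example.com:636
        env.put(Context.SECURITY_PROTOCOL, "ssl");       // redundant with an ldaps:// URL, harmless
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws Exception {
        // Optional: point JSSE at a custom truststore instead of cacerts. The same properties can be
        // given to the JBoss JVM as -Djavax.net.ssl.trustStore=... -Djavax.net.ssl.trustStorePassword=...
        if (args.length > 1) {
            System.setProperty("javax.net.ssl.trustStore", args[1]);
            System.setProperty("javax.net.ssl.trustStorePassword", args.length > 2 ? args[2] : "changeit");
        }
        String tsPath = System.getProperty("javax.net.ssl.trustStore", DEFAULT_TRUSTSTORE);
        String tsPass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        System.out.println("Trusted CA certificates: " + countTrustedCAs(tsPath, tsPass.toCharArray()));

        // Placeholder server, bind DN and password: replace with real values.
        String url = args.length > 0 ? args[0] : "ldaps://ldap.example.com:636";
        DirContext ctx = connectLdaps(url, "cn=reader,dc=example,dc=com", "placeholder-password");
        System.out.println("Connected; name in namespace: " + ctx.getNameInNamespace());
        ctx.close();
    }
}
```

If the LDAP server's certificate chains to a CA that is not in the truststore (typical for an internal enterprise CA), `new InitialDirContext` fails with a `CommunicationException` wrapping an `SSLHandshakeException` ("unable to find valid certification path to requested target"). The right fix is to import that CA's root certificate, not each server certificate, into the truststore with `keytool -importcert`; server renewals signed by the same CA then keep validating. Replacing the trust manager with one that accepts every certificate also makes the error go away, but it removes the server authentication that SSL is there to provide, so it is not an acceptable production shortcut.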