We are trying to set the identity an trust keystores. The error we get now is 'Invalid identity certificate signature'. However the server is running fine, only we see this error in the log. We need this to work for a 2-way SSL connection between Weblogic and a webservice.
For the trust keystore I just just the default java cacert keystore and added the public key of our client (and trusted it).
For the identity keystore we started of with a pfx file (using a wildcard certificate). I followed the setps of this url: http://www.digicert.com/ssl-support/jks-import-export-java.htm
If I check the keystore it also looks ok, I see a chain length of 5 certificates (when I check the certificate in the browser it has only a chain of 3 certificates, but the chain in the keystore also looks fine)
Issuer: CN=COMODO High Assurance Secure Server CA
Owner: CN=AddTrust External CA Root
Issuer: CN=AddTrust External CA Root
Owner: CN=COMODO High Assurance Secure Server CA
Issuer: CN=COMODO Certification Authority
In the thread: https://cn.forums.oracle.com/forums/thread.jspa?threadID=2363523. It show that this has to do with the order of the keystore. Could it be that?
What should be the correct order of the certifcates?