Nov 9, 2011

    Renewing an expired intermediary certificate

      I need some help in understanding why a server (Java, Sun) fails client authentication (SSL handshake) after a client intermediary certificate was renewed. Here is the scenario:

      The server uses mutual authentication (both sides need to exchange their certificate chains). The client was able to communicate with the server until the client intermediary certificate expired and was renewed. The client simply replaced the old intermediary certificate in the client certificate chain with the new intermediary certificate. The server henceforth failed this client's SSL handshake.

      To resolve the problem temporarily, I placed the client's certificate and intermediary certificate in the truststore (keytool) of the server.

      Can someone tell me why the server is failing the handshake? Should the client have gotten its certificate re-signed with the new intermediary certificate? I would like to remove the client certificate and intermediary certificate from the server truststore as soon as possible. Can you also point me to documentation which explains what needs to be done on the client and the server side when either side renews a certificate in their respective certificate chain? Thanks.
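The scenario described in the post, reproduced with OpenSSL so the cause of the failure is visible. This is an added example, not code from the poster or from the Java stack they use; every CA name, file name, serial number and validity period in it is made up for the demonstration. It builds a root CA, a short-lived intermediate and a client certificate, then renews the intermediate two ways: re-signing the same intermediate key (the existing client certificate still validates) and issuing the intermediate with a fresh key (the existing client certificate no longer chains, and has to be re-issued). The last check uses `openssl verify -partial_chain` to approximate a truststore that contains the client certificate itself, which is the workaround the poster applied.

```shell
#!/bin/sh
# Added example, not from the original post. Shows why a renewed intermediate CA
# certificate does or does not break an existing client certificate. All names,
# files and validity periods below are constructed for the demo.
set -eu

WORK=$(mktemp -d)
cd "$WORK"

# Extension profiles: one for CA certificates, one for the end-entity (client) cert.
cat > ca.ext <<'EOF'
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
subjectKeyIdentifier=hash
EOF
cat > leaf.ext <<'EOF'
basicConstraints=critical,CA:FALSE
keyUsage=critical,digitalSignature
extendedKeyUsage=clientAuth
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
EOF

# issue NAME SUBJECT EXTFILE DAYS SERIAL CA_CRT CA_KEY [KEYFILE]
# Generates KEYFILE if missing and writes NAME.crt signed by the given CA.
issue() {
  name=$1; subj=$2; ext=$3; days=$4; serial=$5; cacrt=$6; cakey=$7; key=${8:-$1.key}
  [ -f "$key" ] || openssl genrsa -out "$key" 2048 2>/dev/null
  openssl req -new -key "$key" -subj "$subj" -out "$name.csr" 2>/dev/null
  openssl x509 -req -in "$name.csr" -CA "$cacrt" -CAkey "$cakey" -set_serial "$serial" \
    -days "$days" -extfile "$ext" -out "$name.crt" 2>/dev/null
}

# Root CA: the only certificate the "server truststore" holds.
openssl genrsa -out root.key 2048 2>/dev/null
openssl req -new -key root.key -subj "/CN=Demo Root CA" -out root.csr 2>/dev/null
openssl x509 -req -in root.csr -signkey root.key -days 3650 -set_serial 1 \
  -extfile ca.ext -out root.crt 2>/dev/null

# Original intermediate (30 days) and the client certificate issued under it.
issue int1   "/CN=Demo Intermediate CA" ca.ext   30 2 root.crt root.key int.key
issue client "/CN=demo-client"          leaf.ext 365 3 int1.crt int.key client.key

# Renewal A: same intermediate key pair, new certificate with a new validity period.
issue int2_samekey "/CN=Demo Intermediate CA" ca.ext 365 4 root.crt root.key int.key
# Renewal B: new intermediate key pair (what many CAs do), plus a re-issued client cert.
issue int2_newkey  "/CN=Demo Intermediate CA" ca.ext 365 5 root.crt root.key intnew.key
issue client2      "/CN=demo-client"          leaf.ext 365 6 int2_newkey.crt intnew.key client.key

# verify_client LEAF INTERMEDIATE [extra openssl verify args]
# Acts like the server: trusts only root.crt and receives LEAF plus INTERMEDIATE
# from the client. Prints "ok" or "fail" and always returns 0.
verify_client() {
  leaf=$1; inter=$2; shift 2
  if openssl verify -CAfile root.crt -untrusted "$inter" "$@" "$leaf" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

# workaround_check: the poster's temporary fix, approximated with -partial_chain,
# which lets any certificate in the trust file act as an anchor (as a Java
# truststore entry does), so the client cert itself is accepted directly.
workaround_check() {
  cat client.crt int2_newkey.crt root.crt > server_truststore.pem
  if openssl verify -partial_chain -CAfile server_truststore.pem client.crt >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

# A point in time 60 days out, when the original intermediate has expired.
LATER=$(( $(date +%s) + 60 * 86400 ))

echo "client + original intermediate, today:            $(verify_client client.crt int1.crt)"
echo "client + original intermediate, in 60 days:       $(verify_client client.crt int1.crt -attime "$LATER")"
echo "client + renewed intermediate (same key):         $(verify_client client.crt int2_samekey.crt)"
echo "client + renewed intermediate (new key):          $(verify_client client.crt int2_newkey.crt)"
echo "re-issued client + renewed intermediate (new key): $(verify_client client2.crt int2_newkey.crt)"
echo "client cert placed in the truststore (workaround): $(workaround_check)"
```

The fourth line of output is the poster's situation: the client certificate's signature was made by the old intermediate key, and its authorityKeyIdentifier points at the old intermediate's key, so a renewed intermediate with a different key cannot complete the chain to the root. Only the third line (renewal that keeps the key) or the fifth line (re-issuing the client certificate under the new intermediate) gets the client back without touching the server truststore.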