certificate not trusted by Websphere

Question

I have a web application that call a SOAP Web service secured via SSL .(https://zzzzzzzzzzzz/xxxxx).

The server send two certificates (Root and Leaf) s

Answer 1

The problem here is that the certificate path builder (A part of the Java Cert path API) cannot build the certificate chain during the SSL handshake. During the handshake the SSL peer host send its certificate (identity) to the client, for the client to trust that particular certificate a chain of trust must be built on the client side, that what is happening when you get the fault. The problem here is that the chain of trust cannot be created since you are missing either the signer certificate and/or the root certificate in your truststore (trust anchor).

Note that the PKIX trustmanager performs a "scope of trust" validation which means that you do not need a complete certificate chain on the client side to fulfill the trust relationship with the SSL peer, you will only need the signer/intermediate certificates in your truststore. In fact, if you should put the leaf certificate in the truststore, that should also make things work, since that states that you have explicit trust of that particular certificate and a certificate chain validation is not needed.