I've set up a jetty (9.2.0.M1) hosted application.
I've configured jetty to run a two-way SSL with the following setup:
server.keystore - contains server private key and is self signed.
server.truststore - contains clients certs that should be trusted.
This is working and when I hit
https://127.0.0.1 in my browser where I have a valid certificate it works.
I'm now trying to do this without my own signed certificate. To do this I set up a DNS (lets say exampleDNS.com and created a certificate sign request server.csr that I sent to the CA-vendor.
I've got a mail back with the certificate to use and I included that into the server.keystore.
However: when I now hit
https://exampleDNS.com the server still present the self signed certificate instead of validating it by the CA.
I'm probably missing something here but I can't really understand what I'm doing wrong.
Do I need to include root certificate of the specific CA-vendor into keystore/truststore?
If I were you I would try to repeat process one more time. And make sure you import Root cert first, Intermediate second and trial last. And last one should have the same alias as you used when created private key. I probably can't suggest anything else, sorry.