OiO.lk Blog (java)

What happens when a PKCS#12 truststore contains a Root CA and a Sub CA issued by this exact Root CA?


Let’s assume we have the following CA hierarchy:

  • ACME Inc. Root CA
    • ACME Inc. Sub CA 1
      • ACME Leaf Certificate 1
    • ACME Inc. Sub CA 2
      • ACME Leaf Certificate 2

Now, we have a .p12 file as a "truststore" with the following CA certificates inside:

  • ACME Inc. Root CA
  • ACME Inc. Sub CA 1

Assuming we have a typical Java server application which uses mTLS to secure connections, which of the above Leaf Certificates would be allowed to connect?

Meaning:

  • Would Leaf Certificate 2 be able to connect, even though the Sub CA 2 certificate is not in the trust store, but the Root CA is?
  • Why would I then even include the Sub CA 1 certificate in this trust store?
  • If I include Leaf Certificate 1 directly in the said truststore, does this mean that ONLY Leaf Certificate 1 is able to connect?
  • If I included Leaf Certificate 1 directly in the said truststore, would it then be accepted even if it’s expired?
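The following is an added example, not part of the post, that reproduces what a Java server's PKIX trust manager does with such a truststore: every trusted-certificate entry in the .p12 is a trust anchor, and the chain the client presents must validate up to one of them. With Root CA and Sub CA 1 loaded, Leaf 2 is accepted only when the client also sends Sub CA 2 (the path Leaf 2 → Sub CA 2 ends at the Root CA anchor), while Leaf 1 is accepted even when sent alone, which is what having Sub CA 1 in the truststore buys you. The file names and password are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;

// Added example (not from the post); file names and the password are assumptions.
public class TruststoreCheck {
    // Every trusted-certificate entry in the .p12 (Root CA, Sub CA 1, or a leaf) becomes a trust anchor.
    static PKIXParameters paramsFrom(String p12Path, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(p12Path)) {
            ts.load(in, password);
        }
        PKIXParameters params = new PKIXParameters(ts);
        params.setRevocationEnabled(false); // offline demo; leave revocation checking on in production
        return params;
    }

    // Validates the chain the client presented (leaf first); returns the anchor it chained to, or null.
    static String validate(List<X509Certificate> presented, PKIXParameters params) throws Exception {
        List<X509Certificate> chain = new ArrayList<>(presented);
        X509Certificate last = chain.get(chain.size() - 1);
        if (last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            chain.remove(chain.size() - 1); // a self-signed root is an anchor, not part of the path
        }
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        try {
            PKIXCertPathValidatorResult r = (PKIXCertPathValidatorResult)
                    CertPathValidator.getInstance("PKIX").validate(path, params);
            return r.getTrustAnchor().getTrustedCert().getSubjectX500Principal().getName();
        } catch (CertPathValidatorException e) {
            return null; // e.g. Leaf 2 sent without Sub CA 2: no anchor in the truststore issued it
        }
    }

    // Usage: java TruststoreCheck truststore.p12 changeit client-chain.pem  (PEM bundle, leaf first)
    public static void main(String[] args) throws Exception {
        PKIXParameters params = paramsFrom(args[0], args[1].toCharArray());
        List<X509Certificate> chain = new ArrayList<>();
        try (FileInputStream in = new FileInputStream(args[2])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        String anchor = validate(chain, params);
        System.out.println(anchor == null ? "REJECTED" : "ACCEPTED via trust anchor " + anchor);
    }
}
```

Run it once with a PEM bundle containing Leaf 2 alone and once with Leaf 2 followed by Sub CA 2 to see the difference the intermediate makes.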



