Hi All,
We have a EP7.0 EHP1 system in our landscape. We have enabled SSL for accessing the portal using https protocol.
It is access through the url https://<portal>.<company>.com
The Certificate for this website has 4 levels of hierarchy. As follows:
Valicert
-> RSA Application Server CA root
-> <Company> Certificate CA root
--> <portal>.<company>.com certificate
We had created CSR request and got the response from my company CA. The certificates were imported in the AS Java VA - Key storage as follows, in the order below.
1.<porta>.<company>.com certificate
2. <company> Certificate CA root certificate
3. RSA Application Server CA root certificate
4. Valicert root certificate.
This was imported into the Private key generated for <portal>.<company>.com.
Though all browsers have the VAlicert CA root certificate, still when end users access this website, they get a warning stating that the Issuing Sytsem is not trusted. and recommends nto to proceed to the website.
When we try see the certificate, we see only <portal>.<company>.com and the RSA Applicaiton CA and <company> Certificate CA are not present with hierarchy.
This warning does not come,if we send the <company> Certificate CA root certificate separately to the end user and ask them to import it into the system.
I have the following quesitons.
1. SHould the AS JAVA engine be able to send the entire hierarchy of certifcates to the Client browser? we are seeing only the last <portal>.<company>.com certificate when we go into detail of the warning.
2. As end users are unable to import even this certificate, how do we rectify the situation? Are we missing some setup?
I apologize if the explanation is not very clear. I am new to ssl concept and the entire flow is a little confusing for me.
Please provide your guidance on this.
Thanks and Regards,
Raghavan