[CentOS] [PKI concepts] Why Jboss need (signed cert and) root-cert in PEM format?

Thu Jan 21 15:01:15 UTC 2010
Sven Aluoor <aluoor at gmail.com>

Hi folks

[ Please add me CC. Thanks ]

We have here a Jboss app and web server. We signed the SSL-certificate
that end-user don't have ugly error messages. I don't understand why
we need to import the Root-Cert in PEM format?

$ keytool -import -trustcacerts -file rootcert.pem -keystore
myserver.keystore -alias root

The Root-Cert is in web browser, why there is a must to import in keystore?

Did I misunderstood PKI basics?

cheers Sven