Root and intermediary certificates have already been imported, as indicated above, this works now.
What does not work, however, is SNI. My understanding was that as of Java 7 SNI just works, and looking into jetty’s installation.properties I have the following line:
jetty.ssl.sniHostCheck=true
I would have thought that should be enough to work with the certificate which is signed to CN cms.example.com, but has cms-dev.example.com and cms-uat.example.com in subject alternate names. Connecting to the host which has CN set in the certificate works. Connecting to the host which is only in the subject alternate name, for example cms-dev.example.com works as far as establishing the connection, but consecutive operations fails. For example, clicking on Content Explorer in Workbench and trying to unfold any of the items returns:
Does this mean anything to you?
Note: This conversation was created from a reply on: Rhythmyx Jetty Workbench SSL.