I'm sure it will work ;-) I think previously I misunderstood you - now just for my understanding - I should create a self-signed CA just for signing the server certificate and then import into the keystore the client certificates which are signed with the org's standard CA cert. And then the client browsers should be made aware of this self-signed CA in addition so that they can "verify" the server authenticity?
Is that right? (it sounds actually logical to me :-)) Thanks