
Do I need to import SSL chain in order?


I have an SSL certificate which is signed by an intermediate CA, and the intermediate CA certificate is in turn signed by the root CA. I need to import these certificates into my truststore in order to access this service.

My question is: is there any particular order that I need to follow for importing these certs?

For example, import the SSL cert first, then the intermediate CA cert, and then the root CA cert.

Or can I import the certificates in any order and be confident that it will work?

Second part of the question: when PKIX path building happens, does it care about the order in which the certs are present in the truststore?


Solution

  • No, the order of the certificates in the truststore is irrelevant.

    When the certification chain presented by the server is validated, the client searches for a match in the truststore, starting with the final certificate up to the root. Each certificate is validated using the public key of the upper certificate until a match with the truststore is found. There is a match when the certificate itself is present or its immediate superior (the certificate has been digitally signed by the upper certificate).

    Therefore the order does not matter because the digital signature of each certificate in the chain is going to be validated.
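The order-independence described in the answer can be checked with a throwaway PKI. This is an added example, not part of the original answer: it uses an OpenSSL `-CAfile` bundle as a stand-in for a truststore, and every name, file and certificate in it is constructed for the demo.

```shell
#!/bin/sh
# Constructed demo PKI: Demo Root CA -> Demo Intermediate CA -> leaf.example.test

new_csr() {   # $1 = file prefix, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_chain() {   # $1 = empty working directory
  local d; d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  new_csr "$d/root" "Demo Root CA" &&
  new_csr "$d/int"  "Demo Intermediate CA" &&
  new_csr "$d/leaf" "leaf.example.test" &&
  # Root signs itself, the root signs the intermediate, the intermediate signs the leaf.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 30 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 30 -out "$d/leaf.pem" 2>/dev/null
}

verify_leaf() {   # $1 = trust bundle (PEM), $2 = leaf certificate; exit status 0 = valid
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

order_demo() {   # prints one result line per trust bundle
  local d b
  d=$(mktemp -d) || return 1
  make_chain "$d" || return 1
  # Same two CA certificates, opposite order inside the bundle.
  cat "$d/root.pem" "$d/int.pem" > "$d/root_first.pem"
  cat "$d/int.pem" "$d/root.pem" > "$d/int_first.pem"
  # Root alone: here nobody supplies the intermediate (it is neither trusted
  # nor presented by a peer), so no path can be built. Presence matters, order does not.
  cp "$d/root.pem" "$d/root_only.pem"
  for b in root_first int_first root_only; do
    if verify_leaf "$d/$b.pem" "$d/leaf.pem"; then echo "$b: OK"; else echo "$b: FAIL"; fi
  done
  rm -rf "$d"
}

order_demo
```

Both two-certificate bundles validate the leaf regardless of order; only the bundle that lacks the issuing intermediate fails.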