I am trying to learn the basics of PKI and path validation. I have also looked at the JDK implementation of PKI path validation (RFC 5280 6.1). Unfortunately, I don't understand why it is sufficient to have the server certificate and not a CA certificate in the truststore. As i understood the entire certification path from/to the trust anchor would have to be processed for path validation to succeed. So am I misunderstanding something here?
Thanks, Hector