Some notes I prepared whilst renewing a certificate stored in a Java keystore:
```shell
# note: leaving out -storepass makes keytool prompt for the password,
# which keeps it out of shell history and the process list

# make backup
cp -p /path/to/keystore.jks /path/to/keystore.jks.`date +%Y%m%d`

# check current keystore contents
keytool -list -v -keystore /path/to/keystore.jks -storepass <pass>

# create a CSR from the cert in the keystore
keytool -certreq -v -file myrequest.csr -keystore /path/to/keystore.jks -alias <alias> -storepass <pass>

# check contents of csr
openssl req -noout -text -in myrequest.csr

# send it and get it signed....
# once received....

# verify the certificate you're about to import
openssl x509 -noout -text -in /path/to/newcert.pem

# ok, import it
keytool -import -file /path/to/newcert.pem -alias <alias> \
  -trustcacerts -keystore /path/to/keystore.jks -storepass <pass>

# check it was all good
keytool -list -v -keystore /path/to/keystore.jks -storepass <pass>

# may need to restart any Java apps using that keystore
```
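For the "verify the certificate you're about to import" step, the following is an added example and not part of the original notes: a shell function that checks the signed certificate carries the same public key as the CSR that was sent, and that it is not about to expire. The function names, exit codes and the 7-day default are assumptions; it only needs `openssl` and never touches the keystore.

```shell
# Added example: pre-import check, run before `keytool -import`.
# Function names, exit codes and the 7-day default are assumptions.

# Print the PEM public key found in a CSR ("req") or certificate ("x509").
pubkey_of() {  # $1 = req|x509, $2 = PEM file
    openssl "$1" -in "$2" -noout -pubkey 2>/dev/null
}

# Exit codes: 0 ok, 1 key mismatch, 2 unreadable input, 3 expires too soon.
check_signed_cert() {  # $1 = CSR, $2 = signed cert, $3 = min days left (default 7)
    csr_key=$(pubkey_of req "$1") || return 2
    cert_key=$(pubkey_of x509 "$2") || return 2
    [ -n "$csr_key" ] && [ -n "$cert_key" ] || return 2

    # A certificate issued for a different key pair is useless for this alias
    if [ "$csr_key" != "$cert_key" ]; then
        echo "public key in $2 does not match $1" >&2
        return 1
    fi

    min_days=${3:-7}
    # -checkend exits non-zero if the cert expires within the given seconds
    if ! openssl x509 -in "$2" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "$2 expires in under $min_days day(s)" >&2
        return 3
    fi

    # Summary of what is about to be imported
    openssl x509 -in "$2" -noout -subject -issuer -enddate
}
```

Called as `check_signed_cert myrequest.csr /path/to/newcert.pem`, it prints the subject, issuer and expiry on success and a reason on stderr otherwise.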