Hi all,

I have the following setup in the tomcat default file on Ubuntu-14.04:

JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.keyStore=/opt/encompass/keystore/keystore.jks"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/opt/encompass/keystore/truststore.jks"

The keystore.jks holds dozens of SSL keys our app uses to authenticate to various web services. One of these certificates expired and I used openssl to create a new private key (key.pem) and CSR, that the other side signed and sent back (cert.pem). Then I concatenated the certificate and the private key into a single file:

$ cat cert.pem key.pem > cert2.pem

and imported the file into the existing keystore using keytool:

$ keytool -delete -alias client-cert -keystore keystore.jks -storepass xxxx
$ keytool -import -alias client-cert -file cert2.pem -keystore keystore.jks -storepass xxxx

The signing root CA and the intermediate certificate already exist in the truststore.jks keystore.

Does this procedure sound sane? Is there a better (or maybe proper) way of doing it?

Thanks,
Igor