nikkatsa

Reputation: 1811

Merge 2 .jks truststore files

I am using a Tomcat that is SSL enabled, using truststores for client authentication.

I have two .jks truststore files.

I use the first for the PROD environment and the other for the TEST environment client certificates.

I deploy the web application on a Tomcat, and until now I was setting one of the above files in the configuration (according to the environment).

Is it possible for me to merge those files into one .jks truststore that will accept client certificates both for PROD and TEST environments?

I need to mention that I have the passwords for both truststores.

Thanks!

Upvotes: 24

Views: 44896

Answers (1)

Jcs

Reputation: 13729

You can use the -importkeystore option of keytool to import an entry from one keystore/truststore to another:

keytool -importkeystore -srckeystore test.jks -destkeystore common.jks -srcalias myRootCA -destalias myRootCA_TEST -srcstorepass **** -deststorepass ****
keytool -importkeystore -srckeystore prod.jks -destkeystore common.jks -srcalias myRootCA -destalias myRootCA_PROD -srcstorepass **** -deststorepass ****

The common.jks will then contain both CAs to validate the client certificates. However, the application may also need to be reconfigured.

Upvotes: 50
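
The merge from the answer above, generalized to every entry of a truststore rather than a single alias; this is an added example, not part of the original answer. The function names and the `SRC_PASS`/`DEST_PASS` variable names are assumptions made for illustration, and the script assumes keytool prints its English "Alias name:" lines.

```shell
#!/bin/sh
# Added example. SRC_PASS and DEST_PASS are assumed variable names; export them
# before running so keytool reads them via :env and no password sits in argv.

# Alias names from `keytool -list -v` output on stdin (English "Alias name:" lines).
aliases_from_listing() {
    sed -n 's/^Alias name: //p'
}

# For a listing on stdin, print "<source alias><TAB><source alias>_<tag>" per entry.
plan_imports() {    # $1 = environment tag, e.g. TEST
    aliases_from_listing | while IFS= read -r alias; do
        printf '%s\t%s_%s\n' "$alias" "$alias" "$1"
    done
}

# Copy every entry of one truststore into the destination under tagged aliases.
merge_store() {     # $1 = source .jks, $2 = tag, $3 = destination .jks
    keytool -J-Duser.language=en -list -v -keystore "$1" -storepass:env SRC_PASS |
    plan_imports "$2" |
    (
        while IFS="$(printf '\t')" read -r src dst; do
            # </dev/null stops keytool from swallowing the rest of the plan.
            # -deststoretype JKS: JDK 9+ would otherwise create a PKCS12 file.
            keytool -importkeystore -noprompt \
                -srckeystore "$1" -srcstorepass:env SRC_PASS -srcalias "$src" \
                -destkeystore "$3" -deststorepass:env DEST_PASS \
                -deststoretype JKS -destalias "$dst" </dev/null || exit 1
        done
    )
}

# Usage: SRC_PASS=... DEST_PASS=... sh merge.sh test.jks TEST common.jks
if [ "$#" -eq 3 ]; then
    merge_store "$1" "$2" "$3" &&
    # List the result so each alias and fingerprint can be checked by eye.
    keytool -list -keystore "$3" -storepass:env DEST_PASS
fi
```

A Tomcat pointed at the merged file accepts client certificates issued under either environment's CAs; the tag in each alias shows which store an entry came from when the listing is reviewed.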
