Reputation: 9323
I'm using https with Tomcat 6.x. It currently appears to be working as intended. However, a certificate used in the auth chain is about to expire. I am under the assumption that I need to update my keystore so that my host's certificate will continue to work as it is now. My host machine's cert is not expiring, nor is the root. An intermediate certificate is due to expire, and I'm seeking help with replacing it.
The first time I installed the certificate in my keystore, I had to complete the authentication chain and place all intermediate certificates in the keystore.
In my mind, I think I should be able to remove the intermediate certificate from the keystore and place the new one in, using the same alias. However, I don't know how to recreate the authentication chain and I'm worried I might inadvertently invalidate my host machine's certificate.
All certs are .cer files (base64 ASCII text files). I've read about other formats, but have only had success with the .cer file type with the version of Java and Tomcat on my server.
How do I do this without destroying my current, valid certificate for my host machine and/or its keystore?
If I'm not phrasing any of this clearly: I don't want to have to submit a new .csr.
keytool -v -list -keystore mykeystore.kdb
Keystore type: jks
Keystore provider: SUN
Your keystore contains 4 entries
Alias name: HostCert
Entry type: keyEntry
Certificate chain length: 4
Certificate[1]:
/** Omitted for brevity: this is the HostCert**/
Certificate[2]:
/** Omitted for brevity: this is the IntermediateB**/
Certificate[3]:
/** Omitted for brevity: this is the IntermediateA**/
Certificate[4]:
/** Omitted for Brevity this is RootCert **/
*******************************************
*******************************************
Alias name: IntermediateB
Entry type: trustedCertEntry
/** Omitted for Brevity **/
*******************************************
*******************************************
Alias name: IntermediateA
Entry type: trustedCertEntry
/** Omitted for Brevity **/
*******************************************
*******************************************
Alias name: RootCert
Entry type: trustedCertEntry
/** Omitted for Brevity **/
*******************************************
*******************************************
Upvotes: 0
Views: 488
Reputation: 9914
You can do that by importing the certificate once again by specifying the alias name in your keytool command.
Upvotes: 1
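The re-import under the same alias, written out as an added example that is not part of the original thread: the aliases and `mykeystore.kdb` come from the question's listing, while the `.cer`/`.pem` file names and both function names are assumptions. It replaces one intermediate trust entry, then re-imports the full chain (host certificate first) under the existing `HostCert` key entry, so the private key stays in place and no new CSR is involved.

```shell
#!/usr/bin/env bash
# Added example. File names are assumptions; aliases and keystore name are
# taken from the keytool listing in the question.

# Concatenate base64 (.cer) certificates, leaf first, into one chain file.
# Refuses any input that does not hold exactly one certificate.
build_chain() {
    out=$1; shift
    : > "$out" || return 1
    for cert in "$@"; do
        n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null || true)
        if [ "${n:-0}" -ne 1 ]; then
            echo "expected exactly one certificate in $cert" >&2
            rm -f "$out"
            return 1
        fi
        cat "$cert" >> "$out"
        # A missing final newline would glue two PEM blocks together.
        [ -z "$(tail -c 1 "$cert")" ] || echo >> "$out"
    done
}

# Swap one intermediate and rebuild the chain on the existing key entry.
# Usage: replace_intermediate <alias> <new-intermediate.cer> <chain.pem>
# keytool prompts for the keystore password, keeping it off the command line.
replace_intermediate() {
    ks=mykeystore.kdb
    cp -p "$ks" "$ks.bak" || return 1        # rollback copy before any change
    keytool -delete -alias "$1" -keystore "$ks" &&
    keytool -importcert -trustcacerts -alias "$1" -file "$2" -keystore "$ks" &&
    # Same alias as the key entry: the chain is replaced, the key is kept.
    keytool -importcert -trustcacerts -alias HostCert -file "$3" -keystore "$ks" &&
    # Confirm the chain length and the intermediate's new validity dates.
    keytool -list -v -alias HostCert -keystore "$ks"
}

# Example run (assumed file names), replacing IntermediateB:
#   build_chain chain.pem host.cer intermediateB-new.cer intermediateA.cer root.cer
#   replace_intermediate IntermediateB intermediateB-new.cer chain.pem
```

The chain import only succeeds if the replacement intermediate was issued for the same key that signed the certificate below it; if any step fails, restore `mykeystore.kdb.bak`. Tomcat reads the keystore when the connector starts, so restart it to serve the new chain.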