Importing earlier trusted certificates into the new keystore
You must import the trusted certificates of other servers in the topology into the new truststore file.
About this task
To export trusted certificates from truststore and import them into truststore.new, perform the following steps for each trusted certificate:
Steps
- Locate the currently trusted certificates.

      manage-certificates list-certificates \
        --keystore truststore

- For each alias other than server-cert, or whose fingerprint does not match server-cert, perform the following steps:

  - Export the trusted certificate from truststore.

        manage-certificates export-certificate \
          --keystore truststore \
          --keystore-password-file truststore.pin \
          --alias <trusted-cert-alias> \
          --export-certificate-chain \
          --output-file trusted-cert-alias.crt

  - Import the trusted certificate into truststore.new.

        manage-certificates import-certificate \
          --keystore truststore.new \
          --keystore-type JKS \
          --keystore-password-file truststore.pin \
          --alias <trusted-cert-alias> \
          --certificate-file trusted-cert-alias.crt
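The per-alias export and import steps above can be run as a loop. The following is an added example, not part of the original documentation: the function name `migrate_trusted_certs` and the variables are assumptions, while the command flags are the ones shown in the steps. It skips only the alias server-cert by name, so comparing fingerprints against the list-certificates output remains a manual check.

```shell
# Added example, not vendor code. Variable and function names are assumptions;
# the manage-certificates flags are those shown in the steps above.
MANAGE_CERTIFICATES="${MANAGE_CERTIFICATES:-manage-certificates}"
OLD_STORE="${OLD_STORE:-truststore}"
NEW_STORE="${NEW_STORE:-truststore.new}"
PIN_FILE="${PIN_FILE:-truststore.pin}"

# migrate_trusted_certs ALIAS...
# Exports each alias from OLD_STORE and imports it into NEW_STORE.
# Skips server-cert, stops at the first failure, and sets MIGRATED to the
# number of aliases copied so the caller can compare it with the alias list.
migrate_trusted_certs() {
    MIGRATED=0
    for cert_alias in "$@"; do
        if [ "$cert_alias" = "server-cert" ]; then
            echo "skipping $cert_alias" >&2
            continue
        fi
        crt="$cert_alias.crt"
        "$MANAGE_CERTIFICATES" export-certificate \
            --keystore "$OLD_STORE" \
            --keystore-password-file "$PIN_FILE" \
            --alias "$cert_alias" \
            --export-certificate-chain \
            --output-file "$crt" \
            || { echo "export failed: $cert_alias" >&2; return 1; }
        # Never import a missing or empty export file.
        [ -s "$crt" ] || { echo "empty export: $cert_alias" >&2; return 1; }
        "$MANAGE_CERTIFICATES" import-certificate \
            --keystore "$NEW_STORE" \
            --keystore-type JKS \
            --keystore-password-file "$PIN_FILE" \
            --alias "$cert_alias" \
            --certificate-file "$crt" \
            || { echo "import failed: $cert_alias" >&2; return 1; }
        MIGRATED=$((MIGRATED + 1))
    done
}
```

Call it with the aliases reported by list-certificates, then list truststore.new and confirm that every expected alias is present before putting the new file into service.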