Order the certificates that use the
--certificate-file option so that each
subsequent certificate functions as the issuer for the previous
one.
List the server certificate first, then any intermediate
certificates, and then list the root certificate authority (CA)
certificate. Because some deployments do not feature an
intermediate issuer, you might need to import only the server
certificate and a single issuer.
For example, the following command imports the existing certificates
into a new keystore file named
keystore.new
.
manage-certificates import-certificate \
--keystore keystore.new \
--keystore-type JKS \
--keystore-password-file keystore.pin \
--alias server-cert \
--private-key-file existing.key \
--certificate-file existing.crt \
--certificate-file intermediate.crt \
--certificate-file root-ca.crt