The trusted certificates of other servers in the topology must be imported into the new truststore file. To export trusted certificates from truststore and import them into, perform the following steps for each trusted certificate:

  1. Locate the currently trusted certificates, as follows:
    manage-certificates list-certificates \
      --keystore truststore
  2. For each alias other than server-cert, or whose fingerprint does not match server-cert, perform the following steps:
    1. Export the trusted certificate from truststore, as follows:
      manage-certificates export-certificate \
        --keystore truststore \
        --keystore-password-file \
        --alias <trusted-cert-alias> \
        --export-certificate-chain \
        --output-file trusted-cert-alias.crt
    2. Import the trusted certificate into, as follows:
      manage-certificates import-certificate \
        --keystore \
        --keystore-type JKS \
        --keystore-password-file \
        --alias <trusted-cert-alias> \
        --certificate-file trusted-cert-alias.crt