Hi all,

I have the following setup in the Tomcat default file on Ubuntu-14.04:


The keystore.jks holds dozens of SSL keys our app uses to authenticate to
various web services. One of these certificates expired and I used openssl
to create a new private key (key.pem) and CSR, which the other side signed and
sent back (cert.pem). Then I concatenated the certificate and the private
key into a single file:

$ cat cert.pem key.pem > cert2.pem

and imported the file into the existing keystore using keytool:

$ keytool -delete -alias client-cert -keystore keystore.jks -storepass xxxx
$ keytool -import -alias client-cert -file cert2.pem -keystore keystore.jks -storepass xxxx

The signing root CA and the intermediate certificate already exist in the
truststore.jks keystore.

Does this procedure sound sane? Is there a better (or maybe proper) way of
doing it?
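
An added example, not part of the original post: it repeats the concatenate-and-import procedure on a constructed self-signed key pair and prints the entry type keytool reports, next to a PKCS#12 route through `openssl pkcs12 -export` and `keytool -importkeystore`. `keytool -import` reads only the certificate from the PEM file, so the first keystore ends up with a `trustedCertEntry` and no private key. The scratch keystore names, the subject and the password `changeit` are assumptions.

```shell
#!/bin/sh
# Added example. Key, certificate and password are constructed throwaway values.
set -eu
export LC_ALL=C
PASS=changeit   # constructed demo store password

# Self-signed stand-in for the CA-signed cert.pem and its key.pem.
make_material() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=client-cert-demo" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# The procedure from the post: concatenate, then keytool -import.
import_concatenated() {
    cat "$1/cert.pem" "$1/key.pem" > "$1/cert2.pem"
    keytool -import -noprompt -alias client-cert -file "$1/cert2.pem" \
        -keystore "$1/concat.jks" -storetype JKS -storepass "$PASS" >/dev/null 2>&1
}

# Alternative: bundle key and certificate as PKCS#12, then merge that keystore.
import_pkcs12() {
    openssl pkcs12 -export -in "$1/cert.pem" -inkey "$1/key.pem" \
        -name client-cert -out "$1/client.p12" -passout "pass:$PASS"
    keytool -importkeystore -noprompt -srcalias client-cert -destalias client-cert \
        -srckeystore "$1/client.p12" -srcstoretype PKCS12 -srcstorepass "$PASS" \
        -destkeystore "$1/p12.jks" -deststoretype JKS -deststorepass "$PASS" \
        >/dev/null 2>&1
}

# Print the entry type keytool reports for an alias.
entry_type() {
    keytool -list -keystore "$1" -storepass "$PASS" -alias "$2" 2>/dev/null |
        grep -Eo 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

demo() {
    dir=$(mktemp -d)
    make_material "$dir"; import_concatenated "$dir"; import_pkcs12 "$dir"
    echo "cat + keytool -import:            $(entry_type "$dir/concat.jks" client-cert)"
    echo "pkcs12 + keytool -importkeystore: $(entry_type "$dir/p12.jks" client-cert)"
    rm -rf "$dir"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with the argument `demo` (for instance `sh example.sh demo`, where the file name is arbitrary); it needs `openssl` and a JDK `keytool` on the PATH.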

