keytool commands to replace existing SSL certificate?

I've a linux centos server running glassfish 3.1.2 app server. The default certs coming from GlassFish install for ports 4848 and 8181 are 1024 bits. I need to replace these with 2048 bits versions. Looking for help to create the keytool command line code that does this.

I located the certs here:

# keytool -list -keystore keystore.jks Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries glassfish-instance, Feb 7, 2012, PrivateKeyEntry, Certificate fingerprint (SHA1): 40:...:46 s1as, Feb 7, 2012, PrivateKeyEntry, Certificate fingerprint (SHA1): 3C:...:FC

2 Answers

Here you go, I always keep this page bookmarked as a reference, The Most Common Java Keytool Keystore Commands.

So you'll need to delete the certificate before you can re-add it. From the above page:

Delete a certificate from a Java Keytool keystore

  • keytool -delete -alias mydomain -keystore keystore.jks
1

I differ with the response above. What I have found is if you create the CSR from the existing keystore you can just replace the certificate. All you do is import the new certificate using the same alias as the old one.

keytool -importcert -alias old_cert_alias -file new_cert_file.cer -keystore your_key_store.jks

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like