Merging Java Keystore (JKS) Files
Overview
If you want to enable secure communication for a custom domain, the domain requires SSL certificates stored in keystore files, and a keystore file must be present on the nodes. You can use the default keystore file from Java or provide your own keystore file for better security. However, if you provide your own keystore file, remember that this has a high probability of breaking checks. We highly recommend importing certificates into the default Java keystore.

The client can connect to services in multiple domains. If the domains use different certificates, the client keystore file must include the SSL certificates for those domains. The following section describes the procedure to merge JKS keystore files.
Merging JKS Files
You can use the Java keytool utility to merge keystore files in the JKS format. To merge keystore files, use the -keystore option to specify the keystore file. The following procedure merges a custom keystore file named apica_custom.jks into the default keystore file named apica_keystore.jks:
1. Verify the certificate details of the custom keystore file
Run the following command:
keytool -list -v -keystore <keystore file>
For example, to view the details of the keystore file named apica_custom.jks, run the following command:
keytool -list -v -keystore apica_custom.jks
Enter the password for the custom keystore file when prompted.
2. Export the certificate to a temporary file
Run the following command:
keytool -exportcert -keystore <keystore file> -alias <alias> -file <temp cert file>
For example, to export the certificate from the keystore file named apica_custom.jks to a temporary file named apica_cust.cert, run the following command:
keytool -exportcert -keystore apica_custom.jks -alias "apica" -file apica_cust.cert
3. Import the certificate to the default keystore file
Run the following command:
keytool -importcert -keystore <keystore file> -alias <alias> -file <temp cert file>
For example, to import the certificate from the temporary file apica_cust.cert to the default keystore file apica_keystore.jks, run the following command:
keytool -importcert -keystore apica_keystore.jks -alias "apica" -file apica_cust.cert
When prompted, enter the password for the default keystore file.
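The three steps above can be combined into one script, shown here as an added example that is not part of the original article; it goes one step beyond the procedure by comparing the certificate's SHA-256 fingerprint in the source and destination keystores after the import. The function names and the SRC_PASS and DST_PASS environment variables holding the two keystore passwords are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article. SRC_PASS and DST_PASS are
# assumed environment variables holding the two keystore passwords, so the
# passwords never appear on the command line.

# Print the SHA-256 fingerprint found in `keytool -list` output on stdin.
# Accepts both the "SHA256:" (verbose) and "(SHA-256):" (short) layouts and
# skips look-alike lines such as "Signature algorithm name: SHA256withRSA".
sha256_of_listing() {
    awk '/SHA-?256\)?:/ {
        sub(/^.*SHA-?256\)?:[ \t]*/, "")
        gsub(/[ \t\r]/, "")
        print toupper($0)
        exit
    }'
}

# merge_cert SRC.jks DST.jks ALIAS
# Runs in a subshell so the temporary certificate file is removed on every exit path.
merge_cert() (
    src=$1 dst=$2 alias=$3
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT

    # Refuse to touch an alias that already exists in the destination.
    if keytool -list -keystore "$dst" -storepass:env DST_PASS -alias "$alias" >/dev/null 2>&1; then
        echo "alias '$alias' already present in $dst" >&2
        exit 2
    fi

    # Step 1: read the certificate details and record the fingerprint.
    src_fp=$(keytool -list -v -keystore "$src" -storepass:env SRC_PASS -alias "$alias" | sha256_of_listing)
    [ -n "$src_fp" ] || { echo "alias '$alias' not readable in $src" >&2; exit 3; }

    # Steps 2 and 3: export, then import. -noprompt skips the interactive
    # trust question, so the fingerprint comparison below takes its place.
    keytool -exportcert -keystore "$src" -storepass:env SRC_PASS -alias "$alias" -file "$tmp" || exit 4
    keytool -importcert -noprompt -keystore "$dst" -storepass:env DST_PASS -alias "$alias" -file "$tmp" || exit 5

    dst_fp=$(keytool -list -v -keystore "$dst" -storepass:env DST_PASS -alias "$alias" | sha256_of_listing)
    [ "$src_fp" = "$dst_fp" ] || { echo "fingerprint mismatch after import" >&2; exit 6; }
    echo "imported '$alias' SHA-256 $dst_fp"
)

# Usage: SRC_PASS=... DST_PASS=... sh merge.sh apica_custom.jks apica_keystore.jks apica
if [ "$#" -eq 3 ]; then merge_cert "$@"; fi
```

Take a copy of the destination keystore before running it, since a mismatch is reported only after the import has been written.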