
I was trying to add a new certificate to our truststore. But I got the alias already exists error.

I can't remove the old certificate yet, but I have to add the new certificate.

Will it matter if I imported the renewed certificate on a different alias?

The existing certificate alias: *.example.domain.com

I'm planning to use: *example.domain.com

Here is the command I use to import the new certificate:

keytool -import -trustcacerts -keystore keystore_trust.jks -storepass passwordhere -noprompt -alias "*.example.domain.com" -file /temp/cert/cert.pem

I know the command will still work, but will this result in any certificate-related error?

schroeder

1 Answer

The alias is usually used to retrieve an item from the keystore (certificate, key) within the application. From the perspective of the keystore itself it does not matter what alias is given to a certificate. It matters though for the application which is using the keystore. So if your application expects the certificate and key to be accessible with a specific alias but you gave a different alias, then it will either fail to retrieve it or will retrieve something different.

See also What is the purpose/role of the "alias" attribute in Java keystore files?.

Steffen Ullrich
  • Although _for TLS_ (tagged but not mentioned in the Q) the JSSE default TrustManager ignores aliases; it uses all trustedcert entries (plus the EE/leaf certs in any privatekey entries! -- but those generally shouldn't exist in something labelled a truststore). – dave_thompson_085 Jan 11 '22 at 00:13
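
The keystore-level behaviour discussed above, as an added example that is not part of the original question or answer: it shows the alias collision from the question, the renewed certificate stored beside the old one under the second alias, and the later removal of only the old entry. The certificates, the password and the file names (`trust.jks`, `old.pem`, `new.pem`) are constructed for the demonstration; the two aliases are the ones from the question, and a JDK `keytool` on the PATH is assumed.

```bash
#!/usr/bin/env bash
# Added example: certificates, file names and password below are constructed.
PASS='demo-pass-123'                 # constructed store password
OLD_ALIAS='*.example.domain.com'     # alias already in the truststore (from the question)
NEW_ALIAS='*example.domain.com'      # alias planned for the renewed certificate

# make_cert <stem>: throwaway self-signed certificate, exported to <stem>.pem
make_cert() {
  keytool -genkeypair -alias tmp -keyalg RSA -keysize 2048 -validity 30 \
    -dname 'CN=*.example.domain.com' -storetype PKCS12 -keystore "$1.p12" \
    -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 &&
  keytool -exportcert -rfc -alias tmp -keystore "$1.p12" \
    -storepass "$PASS" -file "$1.pem" >/dev/null 2>&1
}

# import_cert <alias> <pem>: same kind of import as in the question, into ./trust.jks
import_cert() {
  keytool -importcert -trustcacerts -noprompt -keystore trust.jks \
    -storepass "$PASS" -alias "$1" -file "$2" >/dev/null 2>&1
}

# has_alias <alias>: exit status 0 if the truststore holds an entry under that alias
has_alias() {
  keytool -list -keystore trust.jks -storepass "$PASS" -alias "$1" >/dev/null 2>&1
}

# Runs in a subshell so the caller's working directory is left alone.
rotate_demo() (
  command -v keytool >/dev/null 2>&1 || { echo 'keytool not found' >&2; exit 127; }
  cd "$(mktemp -d)" || exit 1
  make_cert old && make_cert new || exit 1
  import_cert "$OLD_ALIAS" old.pem || exit 1
  # Re-using the existing alias is refused by keytool ("alias ... already exists")
  if import_cert "$OLD_ALIAS" new.pem; then echo 'reuse=accepted'; else echo 'reuse=rejected'; fi
  # A different alias adds a second, independent trusted certificate entry
  import_cert "$NEW_ALIAS" new.pem || exit 1
  has_alias "$OLD_ALIAS" && echo 'old=present'
  has_alias "$NEW_ALIAS" && echo 'new=present'
  # Once the old certificate can go, delete only its entry
  keytool -delete -keystore trust.jks -storepass "$PASS" -alias "$OLD_ALIAS" >/dev/null 2>&1
  has_alias "$OLD_ALIAS" || echo 'old=removed'
  has_alias "$NEW_ALIAS" && echo 'new=still-present'
)

rotate_demo
```
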