keytool commands to replace existing SSL certificate?

11

3

I've a linux centos server running glassfish 3.1.2 app server. The default certs coming from GlassFish install for ports 4848 and 8181 are 1024 bits. I need to replace these with 2048 bits versions. Looking for help to create the keytool command line code that does this.

I located the certs here:

# keytool -list -keystore keystore.jks
   Keystore type: JKS
   Keystore provider: SUN
   Your keystore contains 2 entries
   glassfish-instance, Feb 7, 2012, PrivateKeyEntry, 
   Certificate fingerprint (SHA1): 40:...:46
   s1as, Feb 7, 2012, PrivateKeyEntry, 
   Certificate fingerprint (SHA1): 3C:...:FC

user68950

Posted 2015-02-23T19:09:08.913

Reputation:

Answers

16

Here you go, I always keep this page bookmarked as a reference, The Most Common Java Keytool Keystore Commands.

So you'll need to delete the certificate before you can re-add it. From the above page:

Delete a certificate from a Java Keytool keystore

  • keytool -delete -alias mydomain -keystore keystore.jks

James Spiteri

Posted 2015-02-23T19:09:08.913

Reputation:

1no replace option — how disappointing. Anyway, thanks for the hint. – Martin – 2019-06-26T08:53:41.707

Asked: 2015-02-23T19:09:08.913

Viewed: 30 827 times

Active: 2016-08-31T21:22:47.493