To install an SSL certificate for any partner, we follow the process below:
1. Copying the certificate to the …/cer location
2. Running the keytool command, which copies the certificate to the truststore location.
3. Refreshing KeyStore & TrustStore.
What happens when we run the keytool command?
Does it update the truststore.jks file?
Does it do any additional things?
And let us say I have some old certificate and now I have got the new certificate. I followed the above process and installed the certificate. How does IS identify which certificate to use, as it has old copies and a new copy of the certificate …
Which version of WM are you using?
If it is a newer one that uses a jks file as the truststore, you need to edit the jks file (Keystore Explorer is a great free tool).
If the client only updated the server cert, not the root and intermediate CA, you normally don’t need to change anything in the Trust Store, since they should be there already.
If the client is using the cert for HTTPS authentication, you need to load it as a client cert (using the Admin UI pages) and map it to a user. Co-existence of both old and new as client certs won’t be an issue.
I am using wm8.2 version. After installing the certificate, we just refresh TrustStore & KeyStore, after which IS takes the changes. We do not restart IS after this activity.
It’s working fine, but I just want to understand what exactly happens after using the keytool command that updates the key store, and how IS comes to know which certificate to use, as multiple certificates (the older and the newer) exist for the same partner.
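
Added example, not part of any post in this thread: a Python check that reads the text printed by `keytool -list -v -keystore truststore.jks` and reports every subject that has more than one entry, with each alias's validity, which is how old and new copies for the same partner show up in the file. The sample listing, aliases, names and dates are constructed, and the function names are hypothetical; it does not model how IS itself chooses a certificate.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed, trimmed sample of `keytool -list -v` output (all values made up).
SAMPLE = """\
Alias name: partner_2012
Owner: CN=partner.example.com, O=Example Partner, C=US
Valid from: Thu Jan 05 10:00:00 UTC 2012 until: Sun Jan 05 10:00:00 UTC 2014

Alias name: partner_2013
Owner: CN=partner.example.com, O=Example Partner, C=US
Valid from: Mon Dec 02 09:00:00 UTC 2013 until: Wed Dec 02 09:00:00 UTC 2015

Alias name: example_ca
Owner: CN=Example CA, O=Example CA Org, C=US
Valid from: Fri Jan 01 00:00:00 UTC 2010 until: Tue Jan 01 00:00:00 UTC 2030
"""

ENTRY = re.compile(r"Alias name: (?P<alias>.+?)\n.*?Owner: (?P<owner>.+?)\n.*?"
                   r"Valid from: (?P<start>.+?) until: (?P<end>.+?)\n", re.S)

def _date(text):
    # "Thu Jan 05 10:00:00 UTC 2012": weekday and zone dropped, UTC assumed
    _, mon, day, clock, _, year = text.split()
    return datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")

def parse_entries(listing):
    """Return one dict per keystore entry found in the listing."""
    return [{"alias": m["alias"], "owner": m["owner"],
             "not_before": _date(m["start"]), "not_after": _date(m["end"])}
            for m in ENTRY.finditer(listing)]

def _status(entry, now):
    if now > entry["not_after"]:
        return "expired"
    return "not yet valid" if now < entry["not_before"] else "valid"

def duplicate_subjects(listing, now):
    """Map each subject with more than one entry to [(alias, status)], oldest first."""
    by_owner = defaultdict(list)
    for entry in parse_entries(listing):
        by_owner[entry["owner"]].append(entry)
    return {owner: [(e["alias"], _status(e, now))
                    for e in sorted(entries, key=lambda e: e["not_before"])]
            for owner, entries in by_owner.items() if len(entries) > 1}

if __name__ == "__main__":
    print(duplicate_subjects(SAMPLE, datetime(2014, 6, 1)))
```

Expired aliases reported this way are candidates for removal from the truststore once the partner has fully moved to the new certificate.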