How do I update a Spectrum HTTPS certificate that is getting ready to expire
1. Generate a CSR:
/usr/Spectrum/java/bin/keytool -certreq -keystore /usr/Spectrum/custom/keystore/cacerts -storepass changeit -ext SAN=dns:[FQHN] -alias tomcatssl -keypass changeit -file /tmp/Spectrum.csr
2. Take the /tmp/Spectrum.csr to your Certificate Authority and have it signed and transfer the resultant files to the Spectrum server.
3. Take a backup of the existing cacerts keystore:
cp /usr/Spectrum/custom/keystore/cacerts /usr/Spectrum/custom/keystore/cacerts.bak
4. Import the server certificate into the keystone to update the certificate:
/usr/Spectrum/java/bin/keytool -import -keystore /usr/Spectrum/custom/keystore/cacerts -storepass changeit -alias tomcatssl -file /tmp/Spectrum.cer
5. Restart tomcat and webtomcat:
/usr/Spectrum/tomcat/bin/stopTomcat.sh; /usr/Spectrum/webtomcat/bin/stopWebTomcat.sh; /usr/Spectrum/tomcat/bin/startTomcat.sh; /usr/Spectrum/webtomcat/bin/startWebTomcat.sh