We use a governance tool for SSL certs and it will not allow us to reuse a private key.
I was able to generate a new cert, private key and chain of trust in PFX format.
How can we import the new cert into Tomcat?
Spectrum: All Supported Versions
Old cert expires in a few days, and the automatic process to update the certs is broken on this host.
The new cert we have does not match the old keystore private key.
Start Tomcat using the original keystore and cert to make sure it works.
Stop Tomcat and then run these commands:
/opt/spectrum/Java/jre/bin/keytool -delete -keystore /opt/spectrum/custom/keystore/cacerts -storepass changeit -v -alias <alias>
/opt/spectrum/Java/jre/bin/keytool -v -importkeystore -srckeystore /home/user/file.pfx -srcstoretype PKCS12 -destkeystore /opt/spectrum/custom/keystore/cacerts -deststoretype JKS
Enter the passwords when prompted; the import should complete successfully. Then set the key password for the alias:
/opt/spectrum/Java/jre/bin/keytool -keypasswd -alias <alias> -keystore /opt/spectrum/custom/keystore/cacerts
We then started Tomcat; it came up cleanly, we could log in, and we verified the new cert was in play.
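keytool -importkeystore keeps the alias stored in the PFX, so before restarting it is worth confirming that the alias used in the -keypasswd step exists in the keystore as a private key entry with its chain. The following check is an added example, not part of the original article; the function names, the alias "tomcat" and the sample listing are constructed for illustration, and it assumes English-locale `keytool -list -v` output.

```shell
#!/bin/sh
# check_alias ALIAS: classify ALIAS from `keytool -list -v` output on stdin.
# Prints "<entry type> <chain length>" and returns:
#   0  PrivateKeyEntry with a certificate chain (key and certs are present)
#   1  alias exists but holds no private key (e.g. trustedCertEntry)
#   2  alias not found: the PFX entry was imported under a different alias
check_alias() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }   # JKS aliases are case-insensitive
        /^Alias name: / { cur = tolower(substr($0, 13)); next }
        cur != want     { next }         # skip lines belonging to other entries
        /^Entry type: / { type = substr($0, 13) }
        /^Certificate chain length: / { len = $4 + 0 }
        END {
            if (type == "") exit 2
            print type, len + 0
            exit ((type == "PrivateKeyEntry" && len >= 1) ? 0 : 1)
        }'
}

# Constructed sample of `keytool -list -v` output (not from a real keystore):
# the PFX entry landed under alias "1" instead of the expected alias.
sample_listing() {
cat <<'EOF'
Keystore type: JKS

Your keystore contains 2 entries

Alias name: 1
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=spectrum.example.test

Alias name: rootca
Entry type: trustedCertEntry
Owner: CN=Example Root CA
EOF
}

# Real use, with the article's paths:
#   /opt/spectrum/Java/jre/bin/keytool -list -v -keystore /opt/spectrum/custom/keystore/cacerts | check_alias <alias>
for a in tomcat 1 rootca; do   # "tomcat" is a hypothetical expected alias
    out=$(sample_listing | check_alias "$a") && rc=0 || rc=$?
    echo "alias=$a rc=$rc $out"
done
```

A return code of 2 for the expected alias means the key was imported under the PFX's own alias, which the listing will show as the only PrivateKeyEntry.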