How can you update the Portal keystore with a new keypair, without reverting the configuration?

Article ID: 281370


Products

Network Observability CA Performance Management

Issue/Introduction

We need to update the NetOps Portal with a new keypair but would like to avoid reverting to HTTP due to security restrictions.

Environment

All DX NetOps Performance Management releases

Resolution

  1. Find the keystore name, keystore password, and alias of the existing keystore
    • This can be done with a keytool -list command, for example:
      • keytool -list -keystore keystore
  2. Back up the existing truststore and keystore
    • By default, these two files need to be backed up:
      • /opt/CA/PerformanceCenter/jetty/etc/keystore
      • /opt/CA/jre/lib/security/cacerts
  3. Generate or obtain a new keystore
  4. Alter the new keystore to mirror the existing keystore
  5. Import the root & intermediate certs into the truststore
    • The root certificate will need to be trusted. If the certificate chain is correctly formed, the intermediate should not require explicit trusting
      • /opt/CA/jre/bin/keytool -importcert -keystore cacerts -alias root_cert -file root.pem
  6. Stop all 4 caperfcenter services
    • systemctl stop caperf*
  7. Move the new keystore into the old keystore's location
  8. Start all 4 caperfcenter services
    • systemctl start caperfcenter_sso caperfcenter_eventmanager caperfcenter_devicemanager caperfcenter_console
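
The steps above as shell functions, with a check that the staged keystore really mirrors the live one before any service is stopped. This is an added example, not part of the original article or the vendor's tooling. It assumes the new key pair arrives as a PKCS12 file, that the passwords are exported as OLD_PASS, NEW_PASS and TRUST_PASS (hypothetical variable names), and that keytool output is in English.

```sh
#!/bin/sh
# Added example, not the vendor's script. Paths and unit names are the article's
# defaults; OLD_PASS, NEW_PASS and TRUST_PASS are assumed environment variables,
# read with keytool's ":env" modifier so passwords stay out of the process list.
KEYTOOL=/opt/CA/jre/bin/keytool
LIVE=/opt/CA/PerformanceCenter/jetty/etc/keystore
TRUST=/opt/CA/jre/lib/security/cacerts
UNITS="caperfcenter_sso caperfcenter_eventmanager caperfcenter_devicemanager caperfcenter_console"

# Aliases of private-key entries, parsed from `keytool -list -v` output on stdin.
key_aliases() {
    awk -F': ' '/^Alias name: /{a=$2} /^Entry type: PrivateKeyEntry/{print a}'
}

# Keystore type (JKS, PKCS12, ...) from the same listing.
store_type() {
    awk -F': ' '/^Keystore type: /{print $2; exit}'
}

# Steps 1, 3 and 4: build a staging keystore ($3, must not exist yet) from a new
# PKCS12 file ($1, key alias $2), reusing the live type, alias and password.
# Assumption: the live key password is the same as the live store password.
stage_keystore() {
    listing=$("$KEYTOOL" -list -v -keystore "$LIVE" -storepass:env OLD_PASS) || return 1
    ks_alias=$(printf '%s\n' "$listing" | key_aliases | head -n 1)
    ks_type=$(printf '%s\n' "$listing" | store_type)
    [ -n "$ks_alias" ] && [ -n "$ks_type" ] || return 1
    "$KEYTOOL" -importkeystore -noprompt -srckeystore "$1" -srcstoretype PKCS12 \
        -srcstorepass:env NEW_PASS -srcalias "$2" -destkeystore "$3" \
        -deststoretype "$ks_type" -deststorepass:env OLD_PASS \
        -destkeypass:env OLD_PASS -destalias "$ks_alias" || return 1
    # Refuse to continue unless the staged file holds exactly that one key entry.
    staged=$("$KEYTOOL" -list -v -keystore "$3" -storepass:env OLD_PASS | key_aliases)
    [ "$staged" = "$ks_alias" ]
}

# Steps 2 and 5-8: back up, trust the root ($2), then swap in the staged file ($1).
swap_keystore() {
    ts=$(date +%Y%m%d%H%M%S)
    cp -p "$LIVE" "$LIVE.$ts.bak" && cp -p "$TRUST" "$TRUST.$ts.bak" || return 1
    # No -noprompt here: keytool shows the fingerprint and asks before trusting.
    "$KEYTOOL" -importcert -keystore "$TRUST" -storepass:env TRUST_PASS \
        -alias root_cert -file "$2" || return 1
    systemctl stop $UNITS || return 1
    # cp onto the existing path keeps the old file's owner and mode.
    cp "$1" "$LIVE"; rc=$?
    systemctl start $UNITS
    return $rc
}
```

Run stage_keystore first and call swap_keystore only if it returns 0; the timestamped .bak copies are the rollback path if the portal does not come back up on HTTPS.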