How can you update the Data Aggregator keystore with a new keypair, without reverting the configuration?

Article ID: 281371

Products

Network Observability CA Performance Management

Issue/Introduction

We need to update the Data Aggregator with a new keypair, but would like to avoid reverting to HTTP due to security restrictions.

Environment

All DX NetOps Performance Management releases

Resolution

  1. Find the keystore name, keystore password, and alias of the existing keystore
    • This can be done with a keytool -list command, for example:
      • keytool -list -keystore keystore
  2. Backup the existing truststore and keystore
    • By default, these two files need to be backed up
      • /opt/IMDataAggregator/apache-karaf/etc/truststore
      • /opt/IMDataAggregator/apache-karaf/etc/keystore
  3. Generate or obtain a new keystore
  4. Alter the new keystore to mirror the existing keystore (the keystore name, keystore password, and alias found in step 1)
  5. Import the root and intermediate certificates into the truststore
    • The root certificate will need to be trusted. If the certificate chain is correct, the intermediate should not require explicit trusting
      • /opt/CA/IMDataAggregator/jre/bin/keytool -importcert -keystore truststore -alias root_cert -file root.pem
      • /opt/CA/IMDataAggregator/bin/keytool -importcert -keystore truststore -alias intermediate_cert -file intermediate.pem
  6. Stop the dadaemon service
    • systemctl stop dadaemon
  7. Move the new keystore into the old keystore's location
  8. Start the dadaemon service
    • systemctl start dadaemon
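
The swap in steps 6 to 8 is where a mismatched alias or password leaves the service unable to come back up on HTTPS, so this added example (not from the article or the vendor) backs up both stores and refuses to stop dadaemon unless the new keystore matches the values from step 1. KS_PASS, BACKUP_DIR, the `.new` staging name and the function names are assumptions; the paths are the ones the article quotes.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Paths are the ones quoted in the article;
# KS_PASS, BACKUP_DIR and the function names are assumptions.
ETC=${ETC:-/opt/IMDataAggregator/apache-karaf/etc}
KEYTOOL=${KEYTOOL:-/opt/CA/IMDataAggregator/jre/bin/keytool}
SYSTEMCTL=${SYSTEMCTL:-systemctl}
BACKUP_DIR=${BACKUP_DIR:-/root/da-keystore-backup}

# True if alias $2 in keystore $1 is a private-key entry and the store opens
# with the password exported in KS_PASS (:env keeps it off the process list).
has_key_alias() {
    "$KEYTOOL" -list -keystore "$1" -storepass:env KS_PASS -alias "$2" 2>/dev/null |
        grep -q 'PrivateKeyEntry'
}

# Step 2: copy both stores into a timestamped directory created with umask 077.
backup_stores() {
    local dest="$BACKUP_DIR/$(date +%Y%m%d-%H%M%S)"
    ( umask 077 && mkdir -p "$dest" ) || return 1
    cp -p "$ETC/keystore" "$ETC/truststore" "$dest/" || return 1
    printf '%s\n' "$dest"
}

# Steps 6-8, refused unless the new keystore mirrors the old alias and password.
# Usage: export KS_PASS=...; swap_keystore /path/to/new_keystore alias
swap_keystore() {
    local new=$1 alias=$2 backup
    has_key_alias "$ETC/keystore" "$alias" ||
        { echo "alias/password do not match the existing keystore" >&2; return 2; }
    has_key_alias "$new" "$alias" ||
        { echo "new keystore does not mirror the alias/password" >&2; return 3; }
    backup=$(backup_stores) || return 4
    # Stage beside the target, inheriting the old file's owner and mode, so
    # the final mv is a rename on the same filesystem.
    cp -p "$ETC/keystore" "$ETC/keystore.new" && cat "$new" > "$ETC/keystore.new" || return 5
    "$SYSTEMCTL" stop dadaemon || return 6
    mv -f "$ETC/keystore.new" "$ETC/keystore" || return 7
    "$SYSTEMCTL" start dadaemon || return 8
    echo "keystore replaced; previous files saved in $backup"
}
```

If the service does not come back cleanly, the directory printed on the last line holds the pre-change keystore and truststore for rollback.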