How to add an issued certificate to the JBOSS SSL keystore


Article ID: 35702




CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)


Many users want or need to replace the default SSL certificate in the JBOSS keystore because of requirements or restrictions in their environment. The task becomes difficult when required options are omitted or the correct process is not followed, which can result in a multitude of errors and a process that takes longer than it should.


Privileged Identity Manager 12.9


1.     Create a new ssl.keystore with the alias of entm in it.
# keytool -genkey -alias entm -keyalg RSA -keystore ssl.keystore -storepass SSLKEYSTORE_PASSWORD -dname  

2.     Generate a certificate request
# keytool -certreq -keyalg RSA -alias entm -keystore ssl.keystore -file CERT_REQUEST_FILENAME.csr

3.     Send the CSR to the Certificate team and, once it's back, import the root CA first
# keytool -import -keystore ssl.keystore -alias rootCA -file ROOT_CA_CERT_FILENAME.cer

4.     Then the intermediate if there is one
# keytool -import -keystore ssl.keystore -alias intermediateCA -file INTERMEDIATE_CA_CERT_FILENAME.cer

5.     Then the machine certificate
# keytool -import -alias entm -keystore ssl.keystore -file MACHINE_CERT_FILENAME.cer

6.     Start jboss
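
A check worth running after step 5 and before starting JBOSS, added here as an example (it is not part of the original article): it reads `keytool -list -v` output and confirms that the `entm` alias is still a PrivateKeyEntry and now carries the CA-issued chain instead of the self-signed certificate from step 1. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real use (keytool prompts for the store password):
#   keytool -list -v -keystore ssl.keystore | check_entm_chain

# Returns 0 when alias entm is a PrivateKeyEntry with chain length >= 2,
# i.e. the CA reply was installed on top of the key pair from step 1.
check_entm_chain() {
    awk '
        /^Alias name:/ { alias = tolower($3); next }   # keytool lowercases aliases
        /^Entry type:/ { if (alias == "entm") type = $3; next }
        /^Certificate chain length:/ { if (alias == "entm") len = $4 + 0; next }
        END {
            if (type == "") { print "FAIL: alias entm not found"; exit 1 }
            if (type != "PrivateKeyEntry") {
                print "FAIL: entm is " type ", private key is missing"; exit 1
            }
            if (len < 2) {
                print "FAIL: entm chain length " len ", still self-signed"; exit 1
            }
            print "OK: entm PrivateKeyEntry, chain length " len
        }'
}

# Constructed sample listings, trimmed to the fields the check reads.
sample_good() { cat <<'EOF'
Alias name: rootca
Entry type: trustedCertEntry

Alias name: intermediateca
Entry type: trustedCertEntry

Alias name: entm
Entry type: PrivateKeyEntry
Certificate chain length: 3
EOF
}

# Step 5 skipped or imported under a different alias: entm is unchanged.
sample_selfsigned() { cat <<'EOF'
Alias name: entm
Entry type: PrivateKeyEntry
Certificate chain length: 1
EOF
}

sample_good | check_entm_chain
sample_selfsigned | check_entm_chain || true
```

A chain length of 1 on `entm` means the keystore would still serve the self-signed certificate; a `trustedCertEntry` type means the certificate was imported into a keystore that does not hold the matching private key.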

Additional Information