- Create a directory under an app/site on the Red Hat server
  /path/cert
- Download the root CA certificate and copy it to the above folder. Check the certificate expiration
  openssl x509 -text -noout -in certnew.cer
- Create a new keystore
  keytool -genkey -alias NAME -keyalg RSA -keystore NAME.jks
  ls /path/cert should show the above two files
  certnew.cer
  NAME.jks
- Generate a CSR for the SAN certificate
  keytool -certreq -keyalg RSA -alias NAME -file site.csr -keystore NAME.jks -ext SAN=dns:site.abc.com,dns:abc.com
- Use the CA to generate the certificate by copying the content of site.csr into the certificate request. Download the certificate. I saved it as site.abc.com.cer
- Import the root certificate certnew.cer into the keystore
  keytool -import -alias root -keystore NAME.jks -trustcacerts -file certnew.cer
- Import the site certificate from step 5 above
  keytool -import -alias NAME -keystore NAME.jks -trustcacerts -file site.abc.com.cer
- List the content of the keystore; it should now contain the root certificate and the site certificate
  keytool -list -keystore NAME.jks
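
A stricter check for the last step, as an added example that is not part of the original procedure: it parses `keytool -list -v` output and confirms that `root` is a trustedCertEntry and that the key alias is a PrivateKeyEntry whose certificate chain is longer than 1, meaning the CA-signed certificate was installed on the key pair's alias. The sample listings, the alias `site` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a keystore from `keytool -list -v` output.
# Real use (assumed): check_keystore "$(keytool -list -v -keystore NAME.jks)" NAME

# Constructed sample: CA reply imported under the key alias (expected outcome).
SAMPLE_OK='Alias name: name
Entry type: PrivateKeyEntry
Certificate chain length: 2

Alias name: root
Entry type: trustedCertEntry'

# Constructed sample: CA reply imported under a different alias "site" (hypothetical),
# so the key pair keeps its self-signed certificate and "site" has no private key.
SAMPLE_BAD='Alias name: name
Entry type: PrivateKeyEntry
Certificate chain length: 1

Alias name: site
Entry type: trustedCertEntry

Alias name: root
Entry type: trustedCertEntry'

# entry_info LISTING ALIAS -> prints "<entry type> <chain length>" (length 0 if none).
entry_info() {
    printf '%s\n' "$1" | awk -v a="$2" '
        /^Alias name: /               { cur = tolower($3); next }
        cur != tolower(a)             { next }   # skip lines of other entries
        /^Entry type: /               { type = $3 }
        /^Certificate chain length: / { len = $NF }
        END { print type, len + 0 }'
}

# check_keystore LISTING KEY_ALIAS -> 0 only if root is trusted and the key has a CA chain.
check_keystore() {
    [ "$(entry_info "$1" root)" = "trustedCertEntry 0" ] ||
        { echo "root: expected a trustedCertEntry" >&2; return 1; }
    info=$(entry_info "$1" "$2")
    case $info in
        "PrivateKeyEntry 1") echo "$2: chain length 1, CA reply not installed on this alias" >&2; return 1 ;;
        "PrivateKeyEntry "*) return 0 ;;
        *) echo "$2: no private key entry" >&2; return 1 ;;
    esac
}

check_keystore "$SAMPLE_OK" name && echo "constructed sample: OK"
```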
Note: Make sure to add the relative path to the new keystore file in your application configuration file
site.config
[httpd]
/home/path/cert/NAME.jks