Updating SSL certs for Jetty servers

So I’m using a standard SSL cert like any other server would have (with a cert for the domain and an intermediate cert).

The following combines the server and intermediate certs into one file. The order is your server cert first, followed by the intermediate, then the next intermediate (if needed), and so on.

sudo cat my-domain.crt intermediate.crt > cert-chain.txt

This then converts the chain cert and key into PKCS12 format

openssl pkcs12 -export -inkey my-domain.key -in cert-chain.txt -out my-domain.pkcs12

This then uses the PKCS12 file and imports it into your keystore. I used a new keystore as I’ve only got the one domain on the Jetty server

sudo keytool -importkeystore -srckeystore my-domain.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
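
A pre-flight check worth running before the openssl pkcs12 step, as an added example that is not part of the original post: it confirms that my-domain.key belongs to the first cert in cert-chain.txt and that the certs are in server-first order. Assumptions: openssl is on the PATH and the key is not passphrase-protected; check_chain is a hypothetical helper name, and the order test compares issuer and subject names only, it does not verify signatures.

```shell
#!/bin/sh
# Added example: pre-flight check for the key and cert-chain.txt used above.
# check_chain KEY CHAIN returns:
#   0 = key matches the first cert and every cert is issued by the next one
#   1 = key does not match the first cert
#   2 = certs out of order or a link is missing
#   3 = unreadable key or no certificates found
check_chain() (
    key=$1
    chain=$2
    tmp=$(mktemp -d) || exit 3
    trap 'rm -rf "$tmp"' EXIT

    # Split the bundle into one PEM file per certificate: cert.1, cert.2, ...
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++}
                     n {print > (d "/cert." n)}' "$chain"
    [ -f "$tmp/cert.1" ] || { echo "no certificates in $chain" >&2; exit 3; }

    # The first certificate must carry the public half of the private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || exit 3
    crt_pub=$(openssl x509 -in "$tmp/cert.1" -noout -pubkey) || exit 3
    [ "$key_pub" = "$crt_pub" ] || { echo "key does not match first cert" >&2; exit 1; }

    # Each certificate's issuer must equal the subject of the one after it.
    i=1
    while [ -f "$tmp/cert.$((i + 1))" ]; do
        next=$((i + 1))
        issuer=$(openssl x509 -in "$tmp/cert.$i" -noout -issuer | sed 's/^issuer= *//')
        subject=$(openssl x509 -in "$tmp/cert.$next" -noout -subject | sed 's/^subject= *//')
        [ "$issuer" = "$subject" ] || { echo "cert $i is not issued by cert $next" >&2; exit 2; }
        i=$next
    done
    echo "ok: key matches, $i certificate(s) in server-first order"
)

# Usage when saved as a script: sh check-chain.sh my-domain.key cert-chain.txt
if [ $# -eq 2 ]; then
    check_chain "$1" "$2"
fi
```

A non-zero result here means the PKCS12 export would either fail or produce a keystore that serves a broken chain, so fix the file order before continuing.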

These came from a number of Stack Overflow articles (accidentally closed them prior to writing this — sorry guys!)
