Java certificates for Jive

This document shows the handling with Java certificates managed with keystore tool (which is part of Java SDK). If the certificate changes on proxy (intranet.example.com), the certificate also must be replaced in Jive. Basically following steps are necesary to replace the certificate in Java keystore:

• Check out the certifcate, see chapter List imported certificates

/usr/local/jive/java/bin/keytool -list -storepass changeit -keystore \
/usr/local/jive/java/jre/lib/security/cacerts|grep -Pi 'swiss|vaps|intranet'

• Remove the old intranet certificate Remove old certificatess

/usr/local/jive/java/bin/keytool -v -delete -storepass changeit -alias intranet \
-keystore /usr/local/jive/java/jre/lib/security/cacerts

• Add the new certificate Import certs for prodserver (PROD)

/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit -alias intranet \
-file intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts

First, you must change into directory, where the certificates are installed.

cd /root/certs

Now, you can import the certificates:

/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-file appserver.intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-alias intranet -file intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-alias devserver -file devserver.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts

First, you must change into directory, where the certificates are installed.

cd /root/certs

Now, you can import the certificates:

/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-file appserver.intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-alias intranet -file intranet.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts
/usr/local/jive/java/bin/keytool -v -importcert -storepass changeit \
-alias prodserver -file prodserver.example.com.crt -keystore /usr/local/jive/java/jre/lib/security/cacerts

Just use following command:

/usr/local/jive/java/bin/keytool -list -storepass changeit -keystore \
/usr/local/jive/java/jre/lib/security/cacerts|grep -Pi 'swiss|vaps|intranet'

The list should look like this:

swisssignplatinumg2ca, Oct 31, 2008, trustedCertEntry,
swisssignsilverg2ca, Oct 31, 2008, trustedCertEntry,
devserver, Nov 18, 2014, trustedCertEntry,
intranet, Nov 18, 2014, trustedCertEntry,
swisssigngoldg2ca, Oct 31, 2008, trustedCertEntry,

To remove a certificate in keystore, the easiest way is to remove it by using the alias, see List imported certificates.

/usr/local/jive/java/bin/keytool -v -delete -storepass changeit -alias intranet \
-keystore /usr/local/jive/java/jre/lib/security/cacerts