How to renew self signed certificate keeping old private key

Say; your self signed certificate has been expired & you want to renew it by keeping same private key.
Lets try out as following.
Step 1    Find out the PrivateKeyEntry of the expired keystore (wso2carbon.jks)
>keytool -list  -keystore wso2carbon.jks | grep PrivateKeyEntry
It is given as the alias called “wso2carbon”
Lets list the certificate details related to the private key entry
 >keytool -list -v  -keystore wso2carbon.jks -alias wso2carbon
 
Step 2 :  Exact private key of the keystore (wso2carbon.jks) file using following two commands,  You need to use the alias which is extracted from Step 1
>keytool -importkeystore -srckeystore wso2carbon.jks -destkeystore wso2carbon.p12 -deststoretype PKCS12 -srcalias wso2carbon
>openssl pkcs12 -in wso2carbon.p12  -nodes -nocerts -out privateKey.pem
Step 3 :  Create new self sign certificate
>openssl req -x509 -new -nodes -key privateKey.pem -sha256 -days 1024 -out newCert.pem
Step 4 : Import new certificate in to the keystore by using same PrivateKeyEntry alias which we found at  Step 1
>keytool -import -keystore wso2carbon.jks -file newCert.pem -alias wso2carbon
Step 5 :  List down the new certificate
>keytool -list -v -keystore wso2carbon.jks -alias wso2carbon
 
You will have a new certificate which has been renewed & you can use the same private key.
Thanks for reading..!!!!
Discuss this article on Stack Overflow

Leave a Reply

Your email address will not be published. Required fields are marked *