Merge 2 .jks truststore files
I am using a Tomcat that is SSL enabled, using truststores for client authentication.
I have two .jks trustore files.
The first, I use it for the PROD environment and the other for the TEST environment client certificates.
I deploy the web application, on a Tomcat and until now i was setting one of the above files in the configuration (according to the environment).
Is it possible i can merge those files into one .jks truststore that will accept client certificates both for PROD and TEST environments?
I need to mention that i have the passwords for both truststores.
Thanks!
Answer
You can use the -importkeystore option of keytool to import an entry from one keystore/truststore to another:
keytool -importkeystore -srckeystore test.jks -destkeystore common.jks -srcalias myRootCA -destalias myRootCA_TEST -srcstorepass **** -deststorepass ****
keytool -importkeystore -srckeystore prod.jks -destkeystore common.jks -srcalias myRootCA -destalias myRootCA_PROD -srcstorepass **** -deststorepass ****
The common.jks will then contain both CA to validate the client certificates. However, the application may also need to be reconfigured.