IdP SSL Certificate Renewal

Cantor, Scott cantor.2 at
Wed Apr 17 19:32:44 EDT 2019

Certs are effectively free anyway, so any time you need them, just get new ones. The "cost" of losing the private key for a TLS config now is zero. It's very unlike the old days.

There are no specific answers to your questions. Keys and certificates for Java web servers can be anywhere, and in JKS keystores, PKCS12 files, or other formats. That's a local question.

It is, essentially, irrelevant. Start over, build a Jetty (or Tomcat) deployment you can support, and put the credentials where you want them, in the format you want them. I use PKCS12 files in a credentials directory underneath the jetty-base directory tree.

-- Scott

More information about the users mailing list