Running thought the list, I have the original keystore.jks file which expires in a week. I made a new file, newkey.jks, created the csr, got the 2 certificates (ROOT and intermediate) and added them both. I can use the following to verify;
keytool -list -v -keystore newkey.jks -alias myalias and get the info (this is just the top);
Alias name: myalias
Creation date: Sep 2, 2011
Entry type: PrivateKeyEntry
Certificate chain length: 3
Owner: CN=api.mydomain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)11, OU=GT06273877, O=api.mydomain.com, C=US, SERIALNUMBER=uqovQ4SFeb-FcCu5KrGxbRef3IomKkVc
Issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
Serial number: 2fea8
Valid from: Tue Aug 30 22:56:35 EDT 2011 until: Fri Nov 01 03:05:11 EDT 2013
So looking at the above, all seemed correct. I went to the default domain.xml file and made the 2 changes to the file path for the new keystore and restared. The 1st time it died instantly with the server.log spitting out the following;
Caused by: java.lang.IllegalStateException: Keystore was tampered with, or password was incorrect
So I looked a bit more, and read how the original password was probably still there, so I issued a password reset to the default password and restared again. This time I got the following error;
So that is where I am stuck and not enough knowledge on what to do from here. Ironically the java.net forums was both slow and even better, I registered, confirmed, logged in, then on the message board, you can't create a new message as it says you must be logged in. YOu click the login icon and get a "your already logged in" ... classic!
So with that, I am not sure if I should look into adding the updated certificate to the current keystore (not sure if that can even be done), or figuring out what the above is and how to get past it. Any help, commands I can provide, etc. please let me know as time is ticking for me!