On Linux Centos system with java 1.7, is it OK to use a key with alias xyz123
in keystore.jks and a different key with the same alias in cacerts.jks? Or, will something break?
I deleted the key with alias 'xyz123' (because it was 1024 bits) in the keystore.jks file, then created a new 2048-bit key with alias 'xyz123' for the keystore using:
keytool -keysize 2048 -genkey -alias xyz123 -keyalg RSA \
    -dname "CN=mydomain.com,OU=GF,O=MyCorp,L=MyCity,ST=MyState,C=US" \
    -validity 7300 -keypass mypwd -storepass mypwd -keystore keystore.jks
but now I noticed the alias xyz123 (for the old key) also exists in cacerts.jks. So, right now the same alias points to different keys in keystore and cacerts. I'm afraid that if I repeat the command above for cacerts, although a new key will go into cacerts.jks, the same situation will still exist (i.e. the same alias points to a different key in keystore and cacerts).
Is there a way to execute the above command but include both keystore and cacerts as command-line arguments somehow?
Or, perhaps what I need to know is how to generate a key as a separate file somehow, then how to import it into each of keystore and cacerts.
You could use the -importkeystore option to import the newly generated key pair to the cacerts.jks keystore.
However, cacerts.jks should not contain private keys. It's a collection of "trust anchors"—certificates that can be used to verify other certificates. I would recommend exporting only the new certificate from keystore.jks, and importing that to cacerts.jks, rather than the complete key pair.
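The export-and-import flow the answer recommends, written out as an added shell example that is not part of the original answer. keytool is the JDK's own tool, but the store paths, the alias, the DN and the truststore password (Java's default "changeit" is assumed) are assumptions for this example. It generates the new 2048-bit key pair in the keystore, exports only the certificate, replaces the stale entry under the same alias in the truststore, and then checks that the truststore holds a trustedCertEntry (no private key) whose fingerprint matches the keystore's entry, which is exactly the "same alias, different key" situation the question worries about:

```shell
#!/bin/sh
# Added example (not from the question or the answer). Assumptions: alias,
# DN, passwords and file paths are constructed; "changeit" is Java's default
# cacerts password. The private key never leaves the keystore; only the
# certificate is copied into the truststore.
set -eu

ALIAS="xyz123"
STOREPASS="mypwd"      # keystore password from the question (constructed value)
TRUSTPASS="changeit"   # assumed: Java's default cacerts password
DNAME="CN=mydomain.com,OU=GF,O=MyCorp,L=MyCity,ST=MyState,C=US"

# 1. Generate the 2048-bit RSA key pair in the server keystore. -storetype JKS
#    is given explicitly because newer keytool releases default to PKCS12.
gen_keypair() {   # $1 = keystore path
  keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
    -dname "$DNAME" -validity 7300 \
    -keypass "$STOREPASS" -storepass "$STOREPASS" \
    -keystore "$1" -storetype JKS
}

# 2. Export only the public certificate (PEM); the private key stays put.
export_cert() {   # $1 = keystore path, $2 = output .cer path
  keytool -exportcert -rfc -alias "$ALIAS" -file "$2" \
    -keystore "$1" -storepass "$STOREPASS" -storetype JKS
}

# 3. Remove the stale entry that still sits under the same alias in the
#    truststore (if any), then import the new certificate as a trusted cert.
import_cert() {   # $1 = truststore path, $2 = .cer path
  if keytool -list -alias "$ALIAS" -keystore "$1" -storepass "$TRUSTPASS" \
       -storetype JKS >/dev/null 2>&1; then
    keytool -delete -alias "$ALIAS" -keystore "$1" -storepass "$TRUSTPASS" \
      -storetype JKS
  fi
  keytool -importcert -noprompt -alias "$ALIAS" -file "$2" \
    -keystore "$1" -storepass "$TRUSTPASS" -storetype JKS
}

# Whole rotation: new key pair in the keystore, certificate only in the truststore.
rotate_cert() {   # $1 = keystore path, $2 = truststore path
  gen_keypair "$1"
  export_cert "$1" "$1.cer"
  import_cert "$2" "$1.cer"
}

# Entry type keytool records for the alias: "PrivateKeyEntry" in the keystore,
# "trustedCertEntry" in the truststore. Anything else means the store is wrong.
entry_type() {   # $1 = store path, $2 = store password
  out=$(keytool -list -alias "$ALIAS" -keystore "$1" -storepass "$2" -storetype JKS)
  case "$out" in
    *PrivateKeyEntry*)  echo PrivateKeyEntry ;;
    *trustedCertEntry*) echo trustedCertEntry ;;
    *)                  echo unknown ;;
  esac
}

# Certificate fingerprint for the alias, so both stores can be compared.
fingerprint() {   # $1 = store path, $2 = store password
  keytool -list -alias "$ALIAS" -keystore "$1" -storepass "$2" -storetype JKS \
    | sed -n 's/.*fingerprint ([^)]*): *//p'
}

# Example run (constructed paths; real stores would be keystore.jks and the
# JRE's cacerts):
#   rotate_cert /tmp/keystore.jks /tmp/cacerts.jks
#   entry_type  /tmp/cacerts.jks  "$TRUSTPASS"     # expect trustedCertEntry
#   fingerprint /tmp/keystore.jks "$STOREPASS"
#   fingerprint /tmp/cacerts.jks  "$TRUSTPASS"     # expect the same value
```

Because the truststore entry is a trustedCertEntry, cacerts.jks still contains no private key after the rotation, and comparing the two fingerprints is the quick check that the shared alias now refers to the same certificate in both stores.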