How can I import a SHA1 cert into Keystore as PrivateKeyEntry Type instead of trustedCertEntry


I have a JKS file (key.jks) in which an existing SHA1 cert (server.cer) has the alias name abc. The certificate has expired and I have to renew it with the new cert I got. The previous entry was of entry type PrivateKeyEntry. I deleted the old entry and tried to import the new cert using the keytool import command, but it always adds the entry with entry type trustedCertEntry, due to which the handshake fails. The command I am using is below.

keytool -import -keystore key.jks -storepass changeit -alias abc -file server.cer

How can I add this cert as PrivateKeyEntry type? I am using the same alias that was used with the old certificate. Any help much appreciated.


Solution

  • A PrivateKeyEntry is actually a "key pair" with 3 parts: a private key, a public key and a certificate. The certificate may be self-signed or signed by another entity (a trusted certificate authority, CA).

    A trustedCertEntry is only a certificate with the assigned public key (no private key).

    When a certificate expires, you can create a new key pair and a certificate signing request (CSR) and, when the CA issues a new certificate, import the certificate reply.

    Sometimes the CA may issue a new certificate for the same public key, so you just need to import the reply.

    Importing the certificate (reply): you actually did the second part well. If you import a certificate and there is already an existing key pair (PrivateKeyEntry), keytool checks whether the certificate matches the public key and then replaces the old certificate with the new one, keeping the private key.

    The problem is that you deleted your private key. I hope you have a backup. If not, I'd suggest creating a new key pair and requesting a new certificate.
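The two keytool sequences the answer contrasts, as an added, runnable example that is not part of the question or the answer above. It assumes a JDK keytool on PATH and uses a second, locally created keystore signed with via keytool -gencert as a stand-in for the real CA; the alias abc and password changeit come from the question, everything else (file names, CN values, the 1-day "old" certificate) is made up for the demo. The correct path is a CSR from the existing key followed by importing the reply under the same alias; the asker's path (delete the entry, then import the certificate) is reproduced on a copy of the keystore so the resulting entry types can be compared.

```shell
#!/bin/sh
# Added example, not code from the question or the answer above.
# Assumptions: a JDK's keytool on PATH; the "CA" is a local keystore we
# create ourselves (stand-in for the real CA); alias abc and password
# changeit are taken from the question. -storetype JKS is explicit only
# because JDK 9+ defaults new keystores to PKCS12.
set -eu

PASS=changeit
ALIAS=abc

kt() {  # keytool wrapper: keep the proprietary-format warnings out of the way
  keytool "$@" 2>/dev/null
}

make_ca() {  # $1 = work dir: local CA key pair plus its exported certificate
  kt -genkeypair -keystore "$1/ca.jks" -storetype JKS -storepass "$PASS" -keypass "$PASS" \
     -alias ca -keyalg RSA -keysize 2048 -validity 3650 \
     -dname "CN=Local Test CA" -ext bc:c
  kt -exportcert -keystore "$1/ca.jks" -storepass "$PASS" -alias ca -rfc -file "$1/ca.cer"
}

make_server_key() {  # $1 = work dir: the PrivateKeyEntry 'abc' with a 1-day cert
  kt -genkeypair -keystore "$1/key.jks" -storetype JKS -storepass "$PASS" -keypass "$PASS" \
     -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 1 \
     -dname "CN=server.example.test"
}

issue_reply() {  # $1 = work dir: CSR from the existing key, signed by the local CA
  kt -certreq -keystore "$1/key.jks" -storepass "$PASS" -alias "$ALIAS" -file "$1/server.csr"
  kt -gencert -keystore "$1/ca.jks" -storepass "$PASS" -alias ca \
     -infile "$1/server.csr" -outfile "$1/server.cer" -validity 365 -rfc
}

import_reply_correctly() {  # $1 = work dir
  # The issuer must be trusted for keytool to accept the reply chain; a CA
  # certificate is correctly stored as a trustedCertEntry, under its own alias.
  kt -importcert -keystore "$1/key.jks" -storepass "$PASS" -alias ca \
     -file "$1/ca.cer" -noprompt
  # Same alias as the existing key entry, so keytool treats the file as a
  # certificate reply: it checks the reply's public key against the stored
  # key and swaps the certificate chain while keeping the private key.
  kt -importcert -keystore "$1/key.jks" -storepass "$PASS" -alias "$ALIAS" \
     -file "$1/server.cer" -noprompt
}

import_reply_wrongly() {  # $1 = work dir: the asker's sequence, run on a copy
  cp "$1/key.jks" "$1/broken.jks"
  kt -delete -keystore "$1/broken.jks" -storepass "$PASS" -alias "$ALIAS"
  # With no key entry left under the alias, the file is just a certificate
  # to trust; the private key is gone and cannot be recovered from it.
  kt -importcert -keystore "$1/broken.jks" -storepass "$PASS" -alias "$ALIAS" \
     -file "$1/server.cer" -noprompt
}

entry_type() {  # $1 = keystore, $2 = alias: prints PrivateKeyEntry or trustedCertEntry
  kt -list -keystore "$1" -storepass "$PASS" -alias "$2" \
    | grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

renew_demo() {
  d=$(mktemp -d)
  make_ca "$d"
  make_server_key "$d"
  issue_reply "$d"
  import_reply_correctly "$d"
  import_reply_wrongly "$d"
  echo "key.jks    $ALIAS: $(entry_type "$d/key.jks" "$ALIAS")"
  echo "broken.jks $ALIAS: $(entry_type "$d/broken.jks" "$ALIAS")"
  rm -rf "$d"
}

if command -v keytool >/dev/null 2>&1; then
  renew_demo
else
  echo "keytool not found on PATH; install a JDK to run this" >&2
fi
```

keytool -list on key.jks reports abc as PrivateKeyEntry with the renewed certificate, while broken.jks reports abc as trustedCertEntry, which is the state the question describes. If the original entry is already gone and there is no backup, the only remaining fix is the make_server_key step with a fresh key pair, followed by a new CSR to the CA.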