
Query on Certificate and Keystore Validity

Question asked by Rajat Das on May 31, 2017

I have a technical query on Certificate and Keystore Validity.

 

Recently we have configured the SSL certificates on Tomcat server.

 

1. At the time of generating the keystore file with the command below, we set the validity to 1 year.

# keytool -genkeypair -alias abcdef -keystore .keystore_abcdef -keyalg RSA -keysize 2048 -validity 365

Test:

# keytool -list -v -alias abcdef -keystore .keystore_abcdef -storepass admin | grep "Valid from:"

Valid from: Thu May 25 16:12:11 BST 2017 until: Fri May 25 16:12:11 BST 2018

 

2. Next we generated the CSR file, sent it to the CA team and got 3 certificates whose validity is 2 years, as below.

Intermediate.cer (Intermediate, Validity- Wed Mar 08 12:00:00 GMT 2023)

Service.cer (Service, Validity- Thu May 02 13:00:00 BST 2019)

Root.cer (Root, Validity- Mon Nov 10 00:00:00 GMT 2031)

 

3. Then we imported the certificates into the keystore and again checked its validity.

# keytool -import -alias Intermediate -keystore .keystore_abcdef -trustcacerts -file Intermediate.cer

# keytool -import -trustcacerts -alias abcdef -keystore .keystore_abcdef -file Service.cer 

Test:

# keytool -list -v -alias abcdef -keystore .keystore_abcdef -storepass admin | grep "Valid from:"

Valid from: Fri Apr 28 01:00:00 BST 2017 until: Thu May 02 13:00:00 BST 2019

Valid from: Fri Mar 08 12:00:00 GMT 2013 until: Wed Mar 08 12:00:00 GMT 2023

Valid from: Fri Nov 10 00:00:00 GMT 2006 until: Mon Nov 10 00:00:00 GMT 2031

 

So now the validity of the keystore file has been updated (from 1 year to 2 years) as per the certificate validity.

My question is: will the certificate work after 1 year, as the keystore file validity was previously set to 1 year? Or will it work for 2 years, as the keystore's validity got updated on importing the certificates in step 3?
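An expiry check over the `keytool -list -v` output quoted above, added here as an example and not part of the original post: it parses every `Valid from:` line of the entry and reports the earliest `until` date, past which the chain no longer validates. Before the import the entry holds the self-signed certificate that `-genkeypair -validity 365` created; after it, the CA-issued chain. The function names, the two-entry time zone table and the reference time are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# "Valid from:" lines quoted in the post, before and after importing the CA reply.
BEFORE_IMPORT = "Valid from: Thu May 25 16:12:11 BST 2017 until: Fri May 25 16:12:11 BST 2018\n"
AFTER_IMPORT = """\
Valid from: Fri Apr 28 01:00:00 BST 2017 until: Thu May 02 13:00:00 BST 2019
Valid from: Fri Mar 08 12:00:00 GMT 2013 until: Wed Mar 08 12:00:00 GMT 2023
Valid from: Fri Nov 10 00:00:00 GMT 2006 until: Mon Nov 10 00:00:00 GMT 2031
"""

# Assumption: only the two zone abbreviations that appear in the post are mapped.
ZONES = {"GMT": timedelta(0), "BST": timedelta(hours=1)}
VALIDITY = re.compile(r"Valid from: (.+?) until: (.+)")
STAMP = re.compile(r"\w{3} (\w{3} \d{1,2} \d\d:\d\d:\d\d) (\w+) (\d{4})")


def parse_stamp(text):
    """Convert a keytool date such as 'Thu May 02 13:00:00 BST 2019' to UTC."""
    m = STAMP.fullmatch(text.strip())
    if m is None or m.group(2) not in ZONES:
        raise ValueError(f"unrecognised date or zone: {text!r}")
    local = datetime.strptime(f"{m.group(1)} {m.group(3)}", "%b %d %H:%M:%S %Y")
    return (local - ZONES[m.group(2)]).replace(tzinfo=timezone.utc)


def validity_periods(keytool_output):
    """Return (not_before, not_after) for every certificate listed, in chain order."""
    return [(parse_stamp(a), parse_stamp(b)) for a, b in VALIDITY.findall(keytool_output)]


def chain_expiry(keytool_output):
    """Earliest 'until' date in the chain; past it the chain no longer validates."""
    periods = validity_periods(keytool_output)
    if not periods:
        raise ValueError("no 'Valid from:' lines found")
    return min(not_after for _, not_after in periods)


def days_left(keytool_output, now):
    """Whole days between `now` and the chain's expiry (negative once expired)."""
    return (chain_expiry(keytool_output) - now).days


if __name__ == "__main__":
    now = datetime(2019, 4, 1, tzinfo=timezone.utc)  # constructed reference time
    for label, text in (("before import", BEFORE_IMPORT), ("after import", AFTER_IMPORT)):
        print(label, chain_expiry(text).isoformat(), days_left(text, now), "days left")
```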
