We have created CSR (Certificate Request Generation), as per below commands, for each server(we have 4 servers)
1) KEYSTORE GENERATION for serverapp1
keytool -genkey -alias siebelapp1 -keystore F:\certs\keystore\siebelkeystore.jks -keyalg RSA -sigalg SHA1withRSA -dname "CN=serverhost.domain, C=AU, L=Melbourne, ST=Victoria, O=ABC"
2) GENERATOING CSR for serverapp1
keytool -certreq -alias siebelapp1 -keystore F:\certs\keystore\siebelkeystore.jks -file F:\certs\keystore\siebelkeystoreapp1.csr
And sent it to our security team to sign it with proper CA and send us back, along with root CA certificate
> We received four CA root certificate, one for each server. As per my understanding, root certificate should be only one? But I don't have much idea on this subject, please suggest.
> We received four CSR signed certificate in .csr format
3) IMPORT CERTIFICATES (RROT & CSR Signed) in JKS
a) keytool -importcert -alias ca -file c:\ca\caroot.cer -keystore c:\keys\siebelkeystore.jks ----> ROOT CA CERT
b) keytool -importcert -alias siebel -file c:\keys\siebelkeystoreCASigned.cer -keystore c:\keys\siebelkeystore.jks ----> CSR SIGNED CERT
A] We were able to import first Root CA certificate successfully, but it throws below error, while importing second RootCA certificate
this certificate is already in the keystore under <aliasname>. Do you want to overwrite it ?
What should we do here?
B] While importing CSR signed certificate, received error
java.lang.exception input not an x.509 certificate
Please help to understand the cause of above two issue, and its solution.