Creating a local keystore for each node

For each node, create a locally hosted keystore that contains the node's signed certificate.

For each node in the cluster, create a keystore and import the signed certificate.


  1. Import the root certificate into each node's keystore:
    keytool -keystore node0.keystore.jks \
    -alias root_ca_alias \
    -importcert -file '../ca/rootCa.crt' \
    -noprompt -keypass myKeyPass \
    -storepass myKeyPass
    Here root_ca_alias is a placeholder for the root certificate's alias. It must differ from the node's alias, because keytool treats an import under an existing key alias as a certificate reply.
    Where the following must match the items created in the previous steps:
    Warning: If the signed certificate for the node is imported before the root certificate, keytool fails with the error keytool error: java.lang.Exception: Failed to establish chain from reply.
  2. Import the node's signed certificate into the corresponding keystore:
    keytool -keystore node0.keystore.jks \
    -alias node_name \
    -importcert -noprompt \
    -file node0.crt_signed \
    -keypass myKeyPass \
    -storepass myKeyPass
    Where the alias name must match the alias name used to generate the signing request. See Creating a certificate signing request.
    Repeat both steps for each node's keystore. Confirmation of the installation appears after the second step:
    Certificate reply was installed in keystore
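
The two steps above, wrapped in a function that can be run for every node and that checks the resulting certificate chain. This is an added example, not part of the original documentation. Assumptions: root_ca_alias, the STOREPASS environment variable and the file naming are placeholders, and passwords are passed with keytool's :env modifier instead of on the command line.

```shell
#!/bin/sh
# Added example, not the vendor's script. Assumed names: root_ca_alias, the
# STOREPASS variable, and the <node>.keystore.jks / <node>.crt_signed layout.
KEYTOOL="${KEYTOOL:-keytool}"            # overridable for a dry run
ROOT_CA="${ROOT_CA:-../ca/rootCa.crt}"
ROOT_ALIAS="${ROOT_ALIAS:-root_ca_alias}"

# import_node NODE ALIAS
#   ALIAS is the alias used when the node's signing request was generated.
#   Returns 0 only when the key entry ends up with a chain of length >= 2.
import_node() {
  _node="$1"; _alias="$2"; _ks="$_node.keystore.jks"
  [ -n "${STOREPASS:-}" ] || { echo "export STOREPASS first" >&2; return 2; }
  # An import under the key's own alias is read as a certificate reply, so the
  # root certificate needs an alias of its own.
  [ "$_alias" != "$ROOT_ALIAS" ] || { echo "$_node: aliases collide" >&2; return 2; }

  # Step 1: root certificate first; skipped if already there, so reruns are safe.
  if ! "$KEYTOOL" -list -keystore "$_ks" -alias "$ROOT_ALIAS" \
        -storepass:env STOREPASS >/dev/null 2>&1; then
    "$KEYTOOL" -keystore "$_ks" -alias "$ROOT_ALIAS" -importcert \
        -file "$ROOT_CA" -noprompt -storepass:env STOREPASS || return 1
  fi

  # Step 2: the signed certificate (certificate reply) for the node's key.
  "$KEYTOOL" -keystore "$_ks" -alias "$_alias" -importcert -noprompt \
      -file "$_node.crt_signed" \
      -keypass:env STOREPASS -storepass:env STOREPASS || return 1

  # Check: the key entry must now carry the node certificate plus the root.
  _out=$("$KEYTOOL" -list -v -keystore "$_ks" -alias "$_alias" \
      -storepass:env STOREPASS) || return 1
  _len=$(printf '%s\n' "$_out" |
      sed -n 's/^Certificate chain length: \([0-9][0-9]*\).*/\1/p' | head -n 1)
  [ "${_len:-0}" -ge 2 ] || { echo "$_ks: chain incomplete" >&2; return 1; }
}

# Usage: export STOREPASS, then
#   for n in node0 node1 node2; do import_node "$n" node_name || break; done
```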