24.5 Preserving Self-Signed Certificates During the Upgrade

If your Vibe site uses self-signed certificates for SSL connections to other services, such as LDAP, WebDAV, and so on, the Vibe installation program can preserve SSL connectivity by automatically importing the certificates that you identify in your old JAVA Certificate Store (cacerts) to the new OpenJDK cacerts file.

The process works as follows:

  1. You must identify the aliases of the certificates you want to have imported to the new certificate store. If you are unsure of any alias names, you can list the aliases in the current cacerts file using a command similar to the following:

    keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

  2. When you run the Vibe installer, you are prompted to enter the alias names, separated by commas.

  3. The Vibe installer makes appropriate backup copies of the old and new cacerts files.

  4. When the installation process concludes, the new OpenJDK installation is configured for secure communications just like your previous Java installation.