Hi,
I have checked my keystore and truststore and the intermediate certificate alone is going to expire. I have received a renewed intermediate pem. I believe it is common practice to just replace an expiring intermediate certificate instead of the root. The root will expire in2025. I have replaceed only the intermediate certificate in the trust store using this command. keytool -import -trustcacerts -alias root -file <certificate> -keystore keystore.jks Now I have a question. The trust store contains the intermediate certificate with a clear alias and I could access it. The key store seems to have the entire chain. Not sure if it is possible to update only the intermediate certificate here. How do I update the intermediate certificate and still maintain the chain in the keystore using Openssl or the Java keystore commands ? Thanks, Mohan