Provided by Sebastian Nay

First get a new clean PFX:

Using the Utility (found here - https://www.digicert.com/util) to rekey/reissue and create a new PFX file:

  1. Create a new CSR: https://www.digicert.com/util/csr-creation-microsoft-servers-using-digicert-utility.htm
  2. Rekey/Reissue your certificate: https://www.digicert.com/ssl-support/ssl-certificate-reissue.htm
  3. Download the new certificate file from within your account.
  4. Import the certificate back into the utility: https://www.digicert.com/util/ssl-certificate-installation-using-digicert-utility-for-microsoft-servers.htm
  5. Export the certificate from the utility as a PFX file: https://www.digicert.com/util/pfx-certificate-management-utility-import-export-instructions.htm

Next, use this command to convert the PFX into a new JKS (this process automatically assigns a random server alias if you are creating a new Keystore):

keytool -importkeystore -srckeystore DigiCertBackup.pfx -srcstoretype pkcs12 -destkeystore your_keystore_name.jks -deststoretype jks

Note: For your_keystore_name.jks, you can enter an existing keystore name to import in to, or enter a new name to have it create a new keystore.

After you have the new JKS, implement in the connector or server configuration file as normal.