
Procedure: Include New Certificate in Truststore


1. Download Certificate via Browser

Using a browser like Firefox:

  1. Go to the Jetty page of Amazon MQ.
  2. Click the lock icon in the address bar.
  3. Select:
    Secure Connection → More Information → Show Certificate
  4. Download the certificate in PEM format.

2. Upload PEM to AWS S3

Upload the PEM file to your S3 bucket:

s3://hv-prod-qc-install/init/

3. Copy PEM File to the Target Instance

Replace [environment] with the appropriate name:

aws s3 cp s3://to-prod-qc-install/init/mq-eu-central-1-amazonaws-com.pem /home/qcuser/qc-install/init/

4. Convert PEM to DER Format

cd /home/qcuser/qc-install/init/
openssl x509 -outform der -in mq-eu-central-1-amazonaws-com.pem -out amqCert.der

5. Import Certificate into Truststore

/apps/opt/java/bin/keytool -import -alias amq -keystore amqCert.ts -file amqCert.der

🔐 Note: When prompted, enter the password found in: /apps/qc/midgard/conf/applicationContext-custom.properties


6. Copy Truststore to .ssh

cp -p amqCert.ts ~/.ssh/

7. Restart Application

cd /apps/bin/
./rcqcair stop-force
./rcqcair start

8. Monitor Application Logs

tail -f /home/qcuser/apps/log/tomcat/catalina.out
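
A pre-import check for steps 4 and 5, added here as an example that is not part of the original procedure: it confirms the DER file is the same certificate as the downloaded PEM, rejects a certificate that expires within a chosen number of days, and prints the SHA-256 fingerprint to compare with the browser's certificate view. The function names, the script name in the usage comment and the sample CN mq.example.test are assumptions.

```shell
#!/bin/sh
# Added example: pre-import checks for the downloaded certificate.
# Function names are hypothetical; file names follow the procedure above.

# Print the SHA-256 fingerprint of a certificate. $1 = file, $2 = pem|der
cert_fp() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 2>/dev/null |
        cut -d= -f2
}

# check_cert PEM DER [MIN_DAYS]
# Returns 0 = OK, 1 = PEM unreadable, 2 = DER does not match PEM,
#         3 = certificate expires within MIN_DAYS (default 30).
check_cert() {
    pem=$1; der=$2; min_days=${3:-30}
    pem_fp=$(cert_fp "$pem" pem)
    [ -n "$pem_fp" ] || { echo "cannot parse $pem" >&2; return 1; }
    der_fp=$(cert_fp "$der" der)
    [ "$pem_fp" = "$der_fp" ] || { echo "$der is not $pem" >&2; return 2; }
    openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "$pem expires within $min_days days" >&2; return 3; }
    # Details to compare by eye with the browser's certificate view.
    openssl x509 -in "$pem" -noout -subject -issuer -enddate
    echo "SHA-256 fingerprint: $pem_fp"
}

# Constructed sample input: a throwaway self-signed certificate.
# $1 = output PEM path, $2 = validity in days
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=mq.example.test" -days "$2" -out "$1" 2>/dev/null
}

# Usage: sh check_cert.sh mq-eu-central-1-amazonaws-com.pem amqCert.der 30
if [ $# -ge 2 ]; then
    check_cert "$@"
fi
```

Run it between steps 4 and 5; a non-zero exit status means the certificate should not be imported until the cause is understood.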