Keystore file and certificate validity

The keystore file is used to manage certificates that verify the identity of users, servers, or applications, and to store private keys used for encryption and digital signatures. While the keystore itself does not expire, the certificates within it have defined validity periods.

Once a certificate in the keystore expires, secure (HTTPS) communication using that certificate will fail until the certificate is renewed or replaced. As a system administrator, you must monitor certificate expiration dates and renew certificates before they expire to prevent interruptions.

To check the expiration date of a certificate within a keystore, use the following command: 
keytool -list -v -keystore "<keystore path>" -alias <alias>
For example, 
Alias name: myalias
Creation date: Dec 9, 2024
Entry type: trustedCertEntry
Valid from: Mon Dec 09 14:57:55 EST 2024 until: Sun Mar 09 15:57:55 EDT 2025
or 
Alias name: expireInOneYear
Creation date: Feb 4, 2025
Valid from: Tue Feb 04 12:26:18 EST 2025 until: Wed Feb 04 12:26:18 EST 2026
Note: If a certificate is near or past its expiration date, you must generate a new certificate and import it to the keystore.
To renew a certificate, you must follow these steps:
  1. Generate a new Certificate Signing Request (CSR).
  2. Submit the CSR to a Certificate Authority (CA) for signing.
  3. Import the newly signed certificate back into the keystore.