Create the Truststore

A truststore contains certificates from other parties that you expect to communicate with, or from Certificate Authorities that you trust to identify other parties.

The first step is to export the certificate that we’ll be trusting (don’t forget to substitute your password and domain name):

sudo keytool -export -alias tomcat \
  -file /etc/letsencrypt/live/ssl.example.com/tomcat.cer \
  -keystore /etc/letsencrypt/live/ssl.example.com/keystore.jks \
  -storepass changeit -noprompt

The command has been separated by \ and a carraige return for clarity.

A successful response will be: Certificate stored in file </etc/letsencrypt/live/ssl.example.com/tomcat.cer>

After we have the exported certificate, import it into the truststore:

sudo keytool -import -trustcacerts -alias tomcat \
  -file /etc/letsencrypt/live/ssl.example.com/tomcat.cer \
  -keystore /etc/letsencrypt/live/ssl.example.com/truststore.jks \
  -storepass changeit -noprompt

A successful response will be: Certificate was added to keystore.

As a verification step, your letsencrypt directory (/etc/letsencrypt/live/ssl.example.com/) should contain these files:

sudo ls /etc/letsencrypt/live/ssl.example.com/
cert.pem   fullchain_and_key.p12  keystore.jks  tomcat.cer
chain.pem  fullchain.pem          privkey.pem   truststore.jks

the keystore.jks and truststore.jks are used by Red5 Pro.