Hi, Evan. `/etc/certs` directory does exist, it's within the chroot container of your Gluu instance, the one you move to on running `# service gluu-server-3.1.1 login`

Ah ok, that did it. I can see it now. However, when i go to remove the old cert from the keystore, it tells me: keytool -delete -alias <hostname_of_your_Gluu_Server>_httpd -keystore cacerts keytool error: java.lang.Exception: Keystore file does not exist: cacerts I am following the instructions found here: https://gluu.org/docs/ce/3.1.1/admin-guide/certificate/ Which keystore is used for httpd? There is no .jks for the httpd labeled keys. Here is what my /etc/certs directory lists: root@auth:/etc/certs# ls asimba.crt cert_creds.json httpd.key.orig idp-signing.csr openldap.key oxauth-keys.json shibIDP.csr asimba.csr duo_creds.json idp-encryption.crt idp-signing.key openldap.key.orig passport-rp.jks shibIDP.jks asimba.key gplus_client_secrets.json idp-encryption.csr idp-signing.key.orig openldap.pem passport-rp.pem shibIDP.key asimba.key.orig httpd.crt idp-encryption.key openldap.crt openldap.pkcs12 passport-rs.jks shibIDP.key.orig asimba.pkcs12 httpd.csr idp-encryption.key.orig openldap.csr otp_configuration.json scim-rs.jks shibIDP.pkcs12 asimbaIDP.jks httpd.key idp-signing.crt openldap.jks oxauth-keys.jks shibIDP.crt super_gluu_creds.json

Evan, You will need to specify full path to cacerts `/etc/ssl/certs/java/cacerts`

I believe the correct path for 3.1.1 will look like this `/opt/jdk1.8.0_112/jre/lib/security/cacerts`. To be sure, you can first search for `cacerts` within container: `# find / -ipath "*cacerts"` There will be several files in results. To make sure you found the correct one, grep for `_httpd` while listing its contents: `# /opt/jre/bin/keytool -list -v -keystore /opt/jdk1.8.0_112/jre/lib/security/cacerts -storepass changeit | grep '_httpd'`