keystore.jks

This is a critical file that stores your server's local certificate keypair (for the web server and API), and also the secret key used for encrypting message data, exports, and anything else. Note that usually the name of this file is "keystore.jks" and it resides inside of appdata, but the keystore name and location can be modified from mirth.properties File.

Warning: If you plan on making any changes to this file, BACK IT UP first! If you lose this file, any data (messages, exports, etc.) encrypted with it will be lost forever!

Changing The Server Certificate

When Mirth® Connect starts up for the first time, it will automatically create a new self-signed certificate, which it will use for web server and secure API access. After installing Mirth® Connect, you should replace this with an appropriate company certificate signed by a Certificate Authority (CA). Use the following steps to install a new certificate:

BACK UP your current keystore.jks file.
Have your new keypair ready to import in a PCKS #12 format. Example: myservercert.p12
In a terminal / shell, navigate to the location of your keystore.jks file.

Use this command:

keytool -importkeystore -srckeystore myservercert.p12 -srcstoretype PKCS12 -srcstorepass mystorepass -srckeypass mykeypass -srcalias myalias -destkeystore keystore.jks -deststoretype JCEKS -deststorepass 81uWxplDtB -destkeypass 81uWxplDtB -destalias mirthconnect

Make sure to change the file names, passwords, and local alias as necessary. The -destalias option must be "mirthconnect" though in order to overwrite the current certificate.

Restart the Mirth® Connect server.

keystore.jks

Recommendations

Application Data Directory

Before You Upgrade

Installation Directory

Using Docker Images