Fix Certificate Import Issue by Generating Unique Aliases in cacert script

.test/tests/java-ca-certificates-update/certs_duplicate_cn/cert1.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICzDCCAbSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1kb2Nr
+ZXJidWlsZGVyMB4XDTI0MDgyNzA5MDIwMFoXDTI1MDgyNzA5MDIwMFowGDEWMBQG
+A1UEAwwNZG9ja2VyYnVpbGRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANIIAbZXdD1qOy/cdaLN0p7emnRUMgMhhL91F7/GA3LBCyURSBTNuaI2ibq+
+BxUjldsv8HOaesLG0Au4iaggnMK6YPHThDOqOw6ME4ghAD/10l6lHf+kTRvN4eC9
+bv3H1jieejVFIgienFfuFKcsNCFKPp4Rh7+D5HHJ3wtBVfaLT4K4q46Qlvkow7s8
+cQ3WSdvpsLDZo7cN1fRWMNHhDFbIs/DGkbhZUAxxUkUoUPyn+zvpRTY6QXoAQe57
+ed9qhhXQcpbHtHN8ecTenC2KEXQuGC0/KaqEJgTqE5W7Ihg0EvGeYpzdSt6ELSFx
+WL3COwk/xTCcIqBPSiYmwPMKmd0CAwEAAaMhMB8wHQYDVR0OBBYEFCspyA0xL4b+
+2/cDj4tGqxI9L0/KMA0GCSqGSIb3DQEBCwUAA4IBAQC/UmqrbRfvmK5YX6uCBVA0
+SczwSuQRM7Zgi8PMCKLH4NvoeP6cYnAc46uaO3sp9iAv/LCw7Rw7A/LvZWmVCYPp
+AstB6kI7nTDHULRGEk3aUar7B8uAVbMNF9V8iOnlk2G2qTvHMW9I4rGtQKqK6YXd
+0m2XZ6UOEzNBPKDHqFfNOYpo1qts5CDLynGIX0tFTSlks5BMrV13xn/4giRj4UHY
+bmElscCTfR/anNxGIBUp7dqGsv4zOeCE6kac4vsENyS+x+a8W0yveTY+TQnfKalT
+KjZXCkPsZp2vZY6eCv2/09L94nXGMB40NDVOaDD/d2fZuQPadRTsF4AqEt9CsN5n
+-----END CERTIFICATE-----

.test/tests/java-ca-certificates-update/certs_duplicate_cn/cert2.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICzDCCAbSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1kb2Nr
+ZXJidWlsZGVyMB4XDTI0MDgyNzA5MDIwNFoXDTI1MDgyNzA5MDIwNFowGDEWMBQG
+A1UEAwwNZG9ja2VyYnVpbGRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANIIAbZXdD1qOy/cdaLN0p7emnRUMgMhhL91F7/GA3LBCyURSBTNuaI2ibq+
+BxUjldsv8HOaesLG0Au4iaggnMK6YPHThDOqOw6ME4ghAD/10l6lHf+kTRvN4eC9
+bv3H1jieejVFIgienFfuFKcsNCFKPp4Rh7+D5HHJ3wtBVfaLT4K4q46Qlvkow7s8
+cQ3WSdvpsLDZo7cN1fRWMNHhDFbIs/DGkbhZUAxxUkUoUPyn+zvpRTY6QXoAQe57
+ed9qhhXQcpbHtHN8ecTenC2KEXQuGC0/KaqEJgTqE5W7Ihg0EvGeYpzdSt6ELSFx
+WL3COwk/xTCcIqBPSiYmwPMKmd0CAwEAAaMhMB8wHQYDVR0OBBYEFCspyA0xL4b+
+2/cDj4tGqxI9L0/KMA0GCSqGSIb3DQEBCwUAA4IBAQAbEOXj4VHl3BvmoLEw3ykk
+5c4CZwTuKOm7gh6MJB6iPZIord/LyjLoMh/Mbhy5uNNKxyA53aeZzsc3q35Uks9K
+Tm02Pz6LQ3gMBvXQ/FfFu1+RXHbDOD5I9enrEsXTx4PGylFv8/9LqBfGiFGxPy6a
+C8s8d22AZsL1P6iwxNoQgfBSSqZhH/mKJyYqFwlqBmo/PQTVt2noWP6afBOfUs4W
+AGaeJUexLAem487MlPuzaSAr397zhvCVt7GNAkMwzU2KxH9auJ/5NFy1YyDSgsa0
+9rcy1gZGzJdOR2AbOZ1FXXqsw91S5SAzb+qR54KIusJ4ON+bPaQc7ZtnNKvbnBxG
+-----END CERTIFICATE-----

.test/tests/java-ca-certificates-update/expected-std-out.txt

@@ -1 +1 @@
-010101000001010101000001
+0101010000010001010100000100

.test/tests/java-ca-certificates-update/run.sh

@@ -10,7 +10,7 @@ CMD1=date
 
 # CMD2 in each run is to check for the `dockerbuilder` certificate in the Java keystore. Entrypoint export $CACERT to
 # point to the Java keystore.
-CMD2=(sh -c "keytool -list -keystore \"\$JRE_CACERTS_PATH\"  -storepass changeit -alias dockerbuilder && keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder2")
+CMD2=(sh -c "keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder && keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder2")
 
 # For a custom entrypoint test, we need to create a new image. This image will get cleaned up at the end of the script
 # by the `finish` trap function.
@@ -75,6 +75,14 @@ echo -n $?
 docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
 echo -n $?
 
+# Test run 7: Two certificates with the same CN are mounted and the environment variable is set. 
+# We expect both CMD1 to succeed and CMD2 to find both certificates.
+docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_duplicate_cn:/certificates "$1" $CMD1 >&/dev/null
+echo -n $?
+CMD3=(sh -c "keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder && keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder_02")
+docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_duplicate_cn:/certificates "$1" "${CMD3[@]}" >&/dev/null
+echo -n $?
+
 #
 # PHASE 2: Non-root containers
 #
@@ -119,3 +127,11 @@ docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --
 echo -n $?
 docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
 echo -n $?
+
+# Test run 7: Two certificates with the same CN are mounted and the environment variable is set. 
+# We expect both CMD1 to succeed and CMD2 to find both certificates.
+docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_duplicate_cn:/certificates "$1" $CMD1 >&/dev/null
+echo -n $?
+CMD3=(sh -c "keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder && keytool -list -keystore \"\$JRE_CACERTS_PATH\" -storepass changeit -alias dockerbuilder_02")
+docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_duplicate_cn:/certificates "$1" "${CMD3[@]}" >&/dev/null
+echo -n $?

11/jdk/alpine/entrypoint.sh

@@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
         csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}'
 
         for crt in "$tmp_dir/$BASENAME"-*; do
-            # Create an alias for the certificate
-            ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            # Extract the Common Name (CN) and Serial Number from the certificate
+            CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')
+
+            # Check if an alias with the CN already exists in the keystore
+            ALIAS=$CN
+            if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then
+                # If the CN already exists, append the serial number to the alias
+                ALIAS="${CN}_${SERIAL}"
+            fi
+
+            echo "Adding certificate with alias $ALIAS to the JVM truststore"
 
             # Add the certificate to the JVM truststore
             keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null

11/jdk/ubi/ubi9-minimal/entrypoint.sh

@@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
         csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}'
 
         for crt in "$tmp_dir/$BASENAME"-*; do
-            # Create an alias for the certificate
-            ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            # Extract the Common Name (CN) and Serial Number from the certificate
+            CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')
+
+            # Check if an alias with the CN already exists in the keystore
+            ALIAS=$CN
+            if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then
+                # If the CN already exists, append the serial number to the alias
+                ALIAS="${CN}_${SERIAL}"
+            fi
+
+            echo "Adding certificate with alias $ALIAS to the JVM truststore"
 
             # Add the certificate to the JVM truststore
             keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null

11/jdk/ubuntu/focal/entrypoint.sh

@@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
         csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}'
 
         for crt in "$tmp_dir/$BASENAME"-*; do
-            # Create an alias for the certificate
-            ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            # Extract the Common Name (CN) and Serial Number from the certificate
+            CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')
+
+            # Check if an alias with the CN already exists in the keystore
+            ALIAS=$CN
+            if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then
+                # If the CN already exists, append the serial number to the alias
+                ALIAS="${CN}_${SERIAL}"
+            fi
+
+            echo "Adding certificate with alias $ALIAS to the JVM truststore"
 
             # Add the certificate to the JVM truststore
             keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null

11/jdk/ubuntu/jammy/entrypoint.sh

@@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
         csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}'
 
         for crt in "$tmp_dir/$BASENAME"-*; do
-            # Create an alias for the certificate
-            ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            # Extract the Common Name (CN) and Serial Number from the certificate
+            CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')
+
+            # Check if an alias with the CN already exists in the keystore
+            ALIAS=$CN
+            if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then
+                # If the CN already exists, append the serial number to the alias
+                ALIAS="${CN}_${SERIAL}"
+            fi
+
+            echo "Adding certificate with alias $ALIAS to the JVM truststore"
 
             # Add the certificate to the JVM truststore
             keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null

11/jdk/ubuntu/noble/entrypoint.sh

@@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
         csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}'
 
         for crt in "$tmp_dir/$BASENAME"-*; do
-            # Create an alias for the certificate
-            ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            # Extract the Common Name (CN) and Serial Number from the certificate
+            CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')
+
+            # Check if an alias with the CN already exists in the keystore
+            ALIAS=$CN
+            if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then
+                # If the CN already exists, append the serial number to the alias
+                ALIAS="${CN}_${SERIAL}"
+            fi
+
+            echo "Adding certificate with alias $ALIAS to the JVM truststore"
 
             # Add the certificate to the JVM truststore
             keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null

11/jre/alpine/entrypoint.sh

@@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
         csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}'
 
         for crt in "$tmp_dir/$BASENAME"-*; do
-            # Create an alias for the certificate
-            ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            # Extract the Common Name (CN) and Serial Number from the certificate
+            CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')
+
+            # Check if an alias with the CN already exists in the keystore
+            ALIAS=$CN
+            if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then
+                # If the CN already exists, append the serial number to the alias
+                ALIAS="${CN}_${SERIAL}"
+            fi
+
+            echo "Adding certificate with alias $ALIAS to the JVM truststore"
 
             # Add the certificate to the JVM truststore
             keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null

11/jre/ubi/ubi9-minimal/entrypoint.sh

@@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
         csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}'
 
         for crt in "$tmp_dir/$BASENAME"-*; do
-            # Create an alias for the certificate
-            ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            # Extract the Common Name (CN) and Serial Number from the certificate
+            CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')
+
+            # Check if an alias with the CN already exists in the keystore
+            ALIAS=$CN
+            if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then
+                # If the CN already exists, append the serial number to the alias
+                ALIAS="${CN}_${SERIAL}"
+            fi
+
+            echo "Adding certificate with alias $ALIAS to the JVM truststore"
 
             # Add the certificate to the JVM truststore
             keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null

11/jre/ubuntu/focal/entrypoint.sh

@@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
         csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}'
 
         for crt in "$tmp_dir/$BASENAME"-*; do
-            # Create an alias for the certificate
-            ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            # Extract the Common Name (CN) and Serial Number from the certificate
+            CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')
+
+            # Check if an alias with the CN already exists in the keystore
+            ALIAS=$CN
+            if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then
+                # If the CN already exists, append the serial number to the alias
+                ALIAS="${CN}_${SERIAL}"
+            fi
+
+            echo "Adding certificate with alias $ALIAS to the JVM truststore"
 
             # Add the certificate to the JVM truststore
             keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null

11/jre/ubuntu/jammy/entrypoint.sh

@@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
         csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}'
 
         for crt in "$tmp_dir/$BASENAME"-*; do
-            # Create an alias for the certificate
-            ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            # Extract the Common Name (CN) and Serial Number from the certificate
+            CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')
+
+            # Check if an alias with the CN already exists in the keystore
+            ALIAS=$CN
+            if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then
+                # If the CN already exists, append the serial number to the alias
+                ALIAS="${CN}_${SERIAL}"
+            fi
+
+            echo "Adding certificate with alias $ALIAS to the JVM truststore"
 
             # Add the certificate to the JVM truststore
             keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null

11/jre/ubuntu/noble/entrypoint.sh

@@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
         csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}'
 
         for crt in "$tmp_dir/$BASENAME"-*; do
-            # Create an alias for the certificate
-            ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            # Extract the Common Name (CN) and Serial Number from the certificate
+            CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')
+
+            # Check if an alias with the CN already exists in the keystore
+            ALIAS=$CN
+            if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then
+                # If the CN already exists, append the serial number to the alias
+                ALIAS="${CN}_${SERIAL}"
+            fi
+
+            echo "Adding certificate with alias $ALIAS to the JVM truststore"
 
             # Add the certificate to the JVM truststore
             keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null

17/jdk/alpine/entrypoint.sh

@@ -72,8 +72,18 @@ if [ -n "$USE_SYSTEM_CA_CERTS" ]; then
         csplit -s -z -b %02d.crt -f "$tmp_dir/$BASENAME-" "$i" '/-----BEGIN CERTIFICATE-----/' '{*}'
 
         for crt in "$tmp_dir/$BASENAME"-*; do
-            # Create an alias for the certificate
-            ALIAS=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            # Extract the Common Name (CN) and Serial Number from the certificate
+            CN=$(openssl x509 -in "$crt" -noout -subject -nameopt -space_eq | sed -n 's/^.*CN=\([^,]*\).*$/\1/p')
+            SERIAL=$(openssl x509 -in "$crt" -noout -serial | sed -n 's/^serial=\(.*\)$/\1/p')
+
+            # Check if an alias with the CN already exists in the keystore
+            ALIAS=$CN
+            if keytool -list -keystore "$JRE_CACERTS_PATH" -storepass changeit -alias "$ALIAS" >/dev/null 2>&1; then
+                # If the CN already exists, append the serial number to the alias
+                ALIAS="${CN}_${SERIAL}"
+            fi
+
+            echo "Adding certificate with alias $ALIAS to the JVM truststore"
 
             # Add the certificate to the JVM truststore
             keytool -import -noprompt -alias "$ALIAS" -file "$crt" -keystore "$JRE_CACERTS_PATH" -storepass changeit >/dev/null