Hi Michael,
Yes, it will import the p12 keystore into the existing keystore as long as you point it there. As for whether any changes are necessary... I think that depends on whether there was an alias associated with the certificates when the .p12 certificate was created. You should be able to check this with command: openssl pkcs12 -info -in <your p12 filename>
My understanding is that the Bag Attributes -> friendlyName will be the name that is used as the alias when bringing into JKS. If there is no friendlyName then I was able to specify one in the destination keystore using:
keytool -importkeystore -destkeystore <my keystore filename> -deststorepass <destpass> -srckeystore <my p12 filename> -srcstoretype PKCS12 -srcstorepass <srcstore password> -srcalias 1 -destalias <my dest alias>
The thing that I'm not clear on is whether or not you will get an error if you try importing something that it already has an alias for. If it updates the alias with the new data, great. No additional changes except a Nolio Server service should be necessary.
If you need to change the alias then at a minimum you'll need to update your conf/server.xml.
The above is true specifically for updating the certs on the management server and updating the certificate used by the ROC. If you setup certificates between your NAC and NES then you may very well have to update the truststore on your NES. And if you had used the same certificate to secure ASAP with its own certificate then you may need to recreate the custom-truststore.jar and sign it with the new/updated certificate.
Kind regards,
Gregg