Felix, Thanks for the reply. Your point #1 was the correct issue (and shows my inexperience with these things). I was trying to import the certificate using an alias name already in use (which I thought was what I was supposed to do). I changed the alias name, and the cert then imported without a problem.
Thanks! David On Thu, Sep 11, 2008 at 3:09 AM, Felix Schumacher < [EMAIL PROTECTED]> wrote: > Hi David, > > http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html > says there are two modes for importing certificates. > > 1. You choose an alias, which is already present in your keystore. > keytool will assume, that the cert is a certificate reply (which is > probably wrong in your case) > 2. The choosen alias is not present in your keystore. > keytool thinks the certificate is a trusted certificate. > > Since I think the second case is the one you are facing. You could either > choose another alias and change your code to use the new alias name, or > get rid of the old certificate (atleast change its alias). > > WARNING > I haven't tried if it will work, and I really don't know if it should > work. So you really really should read the documentation and save the > original keystore first. > > Bye > Felix > > On Wed, September 10, 2008 5:40 pm, [EMAIL PROTECTED] wrote: > ... > > Tomcat version: Tomcat 5.5.20 > > JDK: 1.5.0_06 > > OS: Windows Server 2003, Standard Edition > ... > > certificates into our keystore, and things are working fine. Our partner > > now sends us a new certificate and tells us we need to import this new > > one. > > So I execute the following... > > > > keytool -import -alias <keystore alias> -keystore <path to > > keystore>\.keystore -file <path to certificate>\CompanynameProdCert.der > > > > Keytool asks me for our keystore password, which I supply, and then I get > > the following error: > > > > keytool error: java.lang.Exception: Public keys in reply and keystore > > don't > > match > > > > I am a complete and total novice regarding SSL and cryptography in > > general, > > so please don't lambaste me for not knowing the basics, but after having > > consulted Google, I'm pretty much at a loss regarding how to proceed. > > > > Any help will be very much appreciated. > > > > TIA, > > David > > > > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >