Hi,

> keytool error: java.lang.Exception: Public keys in reply and keystore don't match

http://lmgtfy.com/?q=Public+keys+in+reply+and+keystore+don%27t+match&l=1

Start with that, read the thread and maybe it helps

HTH

Regards,

Serge Fonville

On Wed, Sep 9, 2009 at 5:07 PM, David Uctaa <duc...@gmail.com> wrote:
> I believe all I need to do is import the new certificate into the keystore.
> The certificate from our trading partner appears to be getting used for
> verifying data which has been signed by them and sent to us.
>
> So I execute the following statement to try to import the new certificate:
>
> keytool -import -trustcacerts -file <path_to_file_with_.der_extension> -keystore .keystore -alias tomcat
>
> I am asked for the keystore password, and I enter it
>
> I then receive the following error:
>
> keytool error: java.lang.Exception: Public keys in reply and keystore don't match
>
> Thoughts on what I'm doing wrong?
>
> Many thanks.
>
> On Tue, Sep 8, 2009 at 10:20 AM, Peter Crowther <peter.crowt...@melandra.com> wrote:
>
>> 2009/9/8 David Uctaa <duc...@gmail.com>
>>
>>> I have inherited a Tomcat 5.5 installation running on Windows XP. There are
>>> processes on this box which do server-to-server connections with a third
>>> party via HTTPS over SSL. We have installed the third party's SSL
>>> certificate on our server, and they have done likewise with ours. We use
>>> their certificate for recognizing messages that they have signed and
>>> encrypted, etc.
>>
>> OK. So the first step is to work out what piece of code uses "their"
>> certificate.
>>
>> It's unlikely to be Tomcat, which probably uses "your" certificate to
>> identify itself to "them" - but it's possible.
>>
>> It's more likely to be one or more B2B web applications (webapps) running
>> inside Tomcat, which probably check returns from "them" to make sure the
>> correct cert has been seen from "their" server.
>>
>>> They have now updated their certificate and sent it to us.
>>> But I do not know how or where to update this on our system. Do I need to
>>> do something with the keystore? Are there resources online which will give
>>> me the how-tos on this? I've googled around and only managed to confuse
>>> myself further.
>>
>> I think it'll stay confusing until you answer the above question. You'll
>> have to find / create / mind-read the documentation about which part of the
>> system needs to know about which certificates. I suspect finding that out,
>> or simply finding the architecture diagram that shows what apps are hosted
>> in what containers and how they communicate, would be very useful to you!
>>
>> Once you've got more information, you can then ask far more targeted
>> questions. They might be of the Tomcat users if that's relevant, or they
>> might be of some other group that knows about the technology in your B2B
>> webapps.
>>
>> Hope that helps. I'm not trying to fob you off; I just think we all need
>> some more information about what's on the box!
>>
>> - Peter
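
An added example, not part of the thread and not the posters' own commands: keytool treats an import onto an alias that already holds a private key as a certificate reply for that key, and that is the point at which it compares public keys, whereas another party's certificate is stored as a trusted-certificate entry under an alias of its own. The scratch keystores, the password and the alias `partner-2009` are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: throwaway keystores built in a temp dir, not the poster's files.
PASS=changeit   # constructed password, used only for the scratch keystores

# Run keytool with English messages and stderr folded into stdout.
kt() { keytool -J-Duser.language=en "$@" 2>&1; }

# Create a scratch directory containing:
#   ours.jks    - a key pair under alias "tomcat" (the alias used in the post)
#   partner.der - a different party's self-signed certificate, DER-encoded
make_fixture() {
  local dir; dir=$(mktemp -d) || return 1
  kt -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 30 \
     -dname "CN=us.example" -keystore "$dir/ours.jks" \
     -storepass "$PASS" -keypass "$PASS" >/dev/null
  kt -genkeypair -alias partner -keyalg RSA -keysize 2048 -validity 30 \
     -dname "CN=partner.example" -keystore "$dir/partner.jks" \
     -storepass "$PASS" -keypass "$PASS" >/dev/null
  kt -exportcert -alias partner -file "$dir/partner.der" \
     -keystore "$dir/partner.jks" -storepass "$PASS" >/dev/null
  echo "$dir"
}

# Import partner.der into ours.jks under the given alias; prints keytool's output.
import_partner() {  # usage: import_partner <dir> <alias>
  kt -import -noprompt -alias "$2" -file "$1/partner.der" \
     -keystore "$1/ours.jks" -storepass "$PASS"
}

# Print the entry type (PrivateKeyEntry or trustedCertEntry) of one alias.
entry_type() {  # usage: entry_type <dir> <alias>
  kt -list -alias "$2" -keystore "$1/ours.jks" -storepass "$PASS" |
    grep -oE 'PrivateKeyEntry|trustedCertEntry'
}

demo() {
  local dir; dir=$(make_fixture) || return 1
  echo "--- import onto the key-pair alias (rejected):"
  import_partner "$dir" tomcat
  echo "--- import under a separate alias (hypothetical name):"
  import_partner "$dir" partner-2009
  echo "--- entry types afterwards:"
  echo "tomcat:       $(entry_type "$dir" tomcat)"
  echo "partner-2009: $(entry_type "$dir" partner-2009)"
  rm -rf "$dir"
}
demo
```

Which keystore and alias the verifying application actually reads is still the open question Peter raises; the import only changes the keystore contents.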