Re: Unable to import certificate into keystore
Hi David,

http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html says there are two modes for importing certificates.

1. You choose an alias which is already present in your keystore. keytool will assume that the cert is a certificate reply (which is probably wrong in your case).
2. The chosen alias is not present in your keystore. keytool thinks the certificate is a trusted certificate.

Since I think the second case is the one you are facing, you could either choose another alias and change your code to use the new alias name, or get rid of the old certificate (at least change its alias).

WARNING: I haven't tried if it will work, and I really don't know if it should work. So you really really should read the documentation and save the original keystore first.

Bye
Felix

On Wed, September 10, 2008 5:40 pm, [EMAIL PROTECTED] wrote:
> ...
> Tomcat version: Tomcat 5.5.20
> JDK: 1.5.0_06
> OS: Windows Server 2003, Standard Edition
> ...
> certificates into our keystore, and things are working fine. Our partner now sends us a new certificate and tells us we need to import this new one. So I execute the following...
>
> keytool -import -alias <keystore alias> -keystore <path to keystore>\.keystore -file <path to certificate>\CompanynameProdCert.der
>
> Keytool asks me for our keystore password, which I supply, and then I get the following error:
>
> keytool error: java.lang.Exception: Public keys in reply and keystore don't match
>
> I am a complete and total novice regarding SSL and cryptography in general, so please don't lambaste me for not knowing the basics, but after having consulted Google, I'm pretty much at a loss regarding how to proceed. Any help will be very much appreciated.
>
> TIA,
> David

To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Unable to import certificate into keystore
Felix,

Thanks for the reply. Your point #1 was the correct issue (and shows my inexperience with these things). I was trying to import the certificate using an alias name already in use (which I thought was what I was supposed to do). I changed the alias name, and the cert then imported without a problem.

Thanks!
David

On Thu, Sep 11, 2008 at 3:09 AM, Felix Schumacher [EMAIL PROTECTED] wrote:
> Hi David,
>
> http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html says there are two modes for importing certificates.
>
> 1. You choose an alias which is already present in your keystore. keytool will assume that the cert is a certificate reply (which is probably wrong in your case).
> 2. The chosen alias is not present in your keystore. keytool thinks the certificate is a trusted certificate.
>
> Since I think the second case is the one you are facing, you could either choose another alias and change your code to use the new alias name, or get rid of the old certificate (at least change its alias).
>
> WARNING: I haven't tried if it will work, and I really don't know if it should work. So you really really should read the documentation and save the original keystore first.
>
> Bye
> Felix
>
> On Wed, September 10, 2008 5:40 pm, [EMAIL PROTECTED] wrote:
> > ...
> > Tomcat version: Tomcat 5.5.20
> > JDK: 1.5.0_06
> > OS: Windows Server 2003, Standard Edition
> > ...
> > certificates into our keystore, and things are working fine. Our partner now sends us a new certificate and tells us we need to import this new one. So I execute the following...
> >
> > keytool -import -alias <keystore alias> -keystore <path to keystore>\.keystore -file <path to certificate>\CompanynameProdCert.der
> >
> > Keytool asks me for our keystore password, which I supply, and then I get the following error:
> >
> > keytool error: java.lang.Exception: Public keys in reply and keystore don't match
> >
> > I am a complete and total novice regarding SSL and cryptography in general, so please don't lambaste me for not knowing the basics, but after having consulted Google, I'm pretty much at a loss regarding how to proceed. Any help will be very much appreciated.
> >
> > TIA,
> > David
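The two import modes discussed in this thread, as an added shell example that is not part of the original messages: it builds a throwaway keystore, reproduces the "Public keys in reply and keystore don't match" error by importing under the alias of an existing key entry, then imports the same certificate under an unused alias after copying the keystore. The aliases (`ourkey`, `partnerkey`, `partner2008`), file names and password are constructed, and a JDK `keytool` on the PATH is assumed.

```shell
PASS=changeit   # constructed demo password; aliases and file names are constructed too

# Scratch data: our.keystore holds our own key pair under alias "ourkey";
# partner.der is a certificate exported from a second throwaway keystore.
setup_demo() {
    for who in our partner; do
        keytool -genkey -alias "${who}key" -keyalg RSA -keysize 2048 \
            -validity 30 -dname "CN=$who-demo" -keystore "$1/$who.keystore" \
            -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 || return 1
    done
    keytool -export -alias partnerkey -keystore "$1/partner.keystore" \
        -storepass "$PASS" -file "$1/partner.der" >/dev/null 2>&1
}

# What "keytool -import -alias $2" does against keystore $1: key-entry = file
# is taken as a certificate reply for that key; cert-entry = refused, alias
# already holds a trusted certificate; free = added as a trusted certificate.
alias_kind() {
    out=$(keytool -list -alias "$2" -keystore "$1" -storepass "$PASS" 2>&1) || true
    case $out in
        *PrivateKeyEntry*|*keyEntry*) echo key-entry ;;
        *trustedCertEntry*) echo cert-entry ;;
        *"Alias <$2> does not exist"*) echo free ;;
        *) echo unknown; return 1 ;;
    esac
}

# The thread's failing case: partner certificate imported under the alias of
# our own key entry. Prints keytool's message and returns its exit status.
import_over_key() {
    keytool -import -noprompt -alias ourkey -keystore "$1" \
        -storepass "$PASS" -file "$2" 2>&1
}

# Import $3 as a trusted certificate under alias $2 only if the alias is
# unused (else return 2); the keystore is first copied to $1.bak.
import_trusted() {
    [ "$(alias_kind "$1" "$2")" = free ] || return 2
    cp "$1" "$1.bak" || return 1
    keytool -import -noprompt -alias "$2" -keystore "$1" \
        -storepass "$PASS" -file "$3" >/dev/null 2>&1
}

if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && setup_demo "$d" || exit 1
    import_over_key "$d/our.keystore" "$d/partner.der"
    import_trusted "$d/our.keystore" partner2008 "$d/partner.der"
    rm -rf "$d"
fi
```

Run the script with the single argument `demo` to see keytool's error followed by the successful import; `alias_kind` can be pointed at a real keystore before choosing an alias.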
Unable to import certificate into keystore
This is probably more of a Java issue than a Tomcat issue, but it's directly impacting our use of Tomcat, so I'm sending it here first...

Configuration:
Tomcat version: Tomcat 5.5.20
JDK: 1.5.0_06
OS: Windows Server 2003, Standard Edition

Problem:
We use Tomcat for B2B communication with one of our partners over HTTP / HTTPS, implementing some of the RosettaNet interfaces. Tomcat sometimes functions as a client, sometimes as a server for this purpose. For the SSL / HTTPS communications, we and our partners need to recognize each other's certificates. So the person who set this up originally for my company (I inherited this thing from a guy who's no longer here) imported our partner's certificates into our keystore, and things are working fine. Our partner now sends us a new certificate and tells us we need to import this new one. So I execute the following...

keytool -import -alias <keystore alias> -keystore <path to keystore>\.keystore -file <path to certificate>\CompanynameProdCert.der

Keytool asks me for our keystore password, which I supply, and then I get the following error:

keytool error: java.lang.Exception: Public keys in reply and keystore don't match

I am a complete and total novice regarding SSL and cryptography in general, so please don't lambaste me for not knowing the basics, but after having consulted Google, I'm pretty much at a loss regarding how to proceed. Any help will be very much appreciated.

TIA,
David