<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> I am running two web servers on the same Linux machine. 1) is running
> Apache 1.3.23 (Unix) and 2) Jakarta-Tomcat-4.1.24. I have been able to
> successfully import and configure a Digital Certificate from Verisign into
> the Apache web server. When I attempt to import the Digital Certificate
> into the keystore for Tomcat I receive the following error message:
>
> keytool error: java.lang.Exception: Public keys in reply and keystore
> don't match
>
> Here are the steps that I have been following:
>
> To generate the original CSR:
>
> # openssl req -new -nodes -keyout private.key -out public.csr
> # openssl rsa -in private.key -des3 -out secureprivate.key
>
> To import the file into Tomcat I did the following:
>
> # keytool -genkey -alias tomcat -keyalg RSA
> (This created the keystore in the home directory)

The private key in the keystore has to match the public key in the cert.
Doing this means that they won't match.  You should either generate the CSR
using keytool (it sounds like it is too late for that :), or look at the
Tomcat 5 "SSL Howto" for an example of importing an openssl cert.

>
> # keytool -import -alias root -keystore .keystore -trustcacerts \
>   -file /etc/httpd/ssl.crt/intermediate.crt
> (The chain certificate from Verisign)
>
> # keytool -import -alias tomcat -keystore .keystore -trustcacerts -file
> /etc/httpd/ssl.crt/server.crt
> Enter keystore password:  changeit
>
> keytool error: java.lang.Exception: Public keys in reply and keystore
> don't match
>
>
> What am I doing wrong? Do I need to follow a different procedure for
> Tomcat?
> Any help would be appreciated.
>
> -- 
> Joseph A Rickard
> System Administrator
> Best Value Technology Inc.
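
The mismatch the reply describes can be confirmed with openssl before running `keytool -import`; this is an added example, not part of the original thread. The helper name `key_matches_cert` and the file names in `demo` are constructed for illustration, and the private key is assumed to be unencrypted (like `private.key` created with `-nodes`).

```shell
#!/bin/sh
# Added example: does a private key belong to the public key inside a certificate?

# Succeeds (0) when the PEM public key derived from the private key ($1) is
# identical to the one embedded in the certificate ($2).
# Returns 2 when either file cannot be parsed, 1 on a genuine mismatch.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Constructed sample data, generated in a temp directory so this runs offline:
#   apache.key   stands in for private.key, the key the CSR was made from
#   keystore.key stands in for the unrelated key pair that
#                "keytool -genkey -alias tomcat" put into the keystore
#   server.crt   is a throwaway self-signed cert over apache.key
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/apache.key" 2048 2>/dev/null
    openssl genrsa -out "$d/keystore.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/apache.key" -subj "/CN=example.test" \
        -days 1 -out "$d/server.crt" 2>/dev/null

    # The key that produced the CSR matches the issued certificate ...
    key_matches_cert "$d/apache.key" "$d/server.crt" && r1=match || r1=mismatch
    # ... while a separately generated key does not, which is the situation
    # keytool reports as "Public keys in reply and keystore don't match".
    key_matches_cert "$d/keystore.key" "$d/server.crt" && r2=match || r2=mismatch

    rm -rf "$d"
    echo "$r1 $r2"
}

demo
```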



