tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ignacio Barrancos Martinez <>
Subject Conflict openssl versus keytool
Date Fri, 23 Jan 2004 17:10:02 GMT
Hi all,

  I am running two web servers on the same Linux machine.
1) is running Apache 1.3.19 and,
2) Jakarta-Tomcat-4.0.5. 

I have been able to successfully import and configure a Digital
Certificate from Verisign into the Apache web server. 

When I attempt to import the Digital Certificate into the keystore for
Tomcat I receive the following error

keytool error: java.lang.Exception: Public keys in reply and keystore
don't match

Here are the steps that I have been following:

To generate the original csar:

# openssl req -new -nodes -keyout private.key -out public.csr
# openssl rsa -in private.key -des3 -out secureprivate.key

To import the file into Tomcat I did the following:

# keytool -genkey -alias tomcat -keyalg RSA
(This created the keystore in the home directory)

# keytool -import -alias root -keystore .keystore \-trustcacerts
  -file /etc/httpd/ssl.crt/intermediate.crt
(The chain certificate from Verisign)

# keytool -import -alias tomcat -keystore .keystore -trustcacerts -file
Enter keystore password:  changeit

1) Is there a way to import this CAcertificate into a keystore that was
generated using keytool, when the original CSR was generated using

2) Can i import RSA key generated with openSSL, into a new keystore made 
with keytool? I want to import the server.crt (signed from Verisign) to 
my keystore using keytool.

-> I have read
and i have done all the steps until Step 11. Using IExplorer 6 (windows XP SP1) 
going to jakarta's app url, the browser Can't find the site, and in the bottom of 
the page shows little message: "Can't find the name server in DNS" (without error 
number), but the same URL using Mozilla shows validate Certificate window.

Thanks in advance,
Ignacio Barrancos

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message