tomcat-users mailing list archives

From Serge Fonville <serge.fonvi...@gmail.com>
Subject Re: How to install an updated third party SSL certificate for B2B transactions
Date Wed, 09 Sep 2009 15:33:01 GMT
Hi,

> keytool error: java.lang.Exception: Public keys in reply and keystore don't
> match

http://lmgtfy.com/?q=Public+keys+in+reply+and+keystore+don%27t+match&l=1

Start with that, read the thread and maybe it helps

HTH

Regards,

Serge Fonville

On Wed, Sep 9, 2009 at 5:07 PM, David Uctaa <ductaa@gmail.com> wrote:
> I believe all I need to do is import the new certificate into the keystore.
> The certificate from our trading partner appears to be getting used for
> verifying data which has been signed by them and sent to us.
>
> So I execute the following statement to try to import the new certificate:
>
> keytool -import -trustcacerts -file <path_to_file_with_.der_extension> -keystore .keystore -alias tomcat
>
> I am asked for the keystore password, and I enter it
>
> I then receive the following error:
>
> keytool error: java.lang.Exception: Public keys in reply and keystore don't
> match
>
> Thoughts on what I'm doing wrong?
>
> Many thanks.
> On Tue, Sep 8, 2009 at 10:20 AM, Peter Crowther <peter.crowther@melandra.com> wrote:
>
>> 2009/9/8 David Uctaa <ductaa@gmail.com>
>>
>> > I have inherited a Tomcat 5.5 installation running on Windows XP.  There are
>> > processes on this box which do server-to-server connections with a third
>> > party via HTTPS over SSL.  We have installed the third party's SSL
>> > certificate on our server, and they have done likewise with ours.  We use
>> > their certificate for recognizing messages that they have signed and
>> > encrypted, etc.
>>
>>
>> OK.  So the first step is to work out what piece of code uses "their"
>> certificate.
>>
>> It's unlikely to be Tomcat, which probably uses "your" certificate to
>> identify itself to "them" - but it's possible.
>>
>> It's more likely to be one or more B2B web applications (webapps) running
>> inside Tomcat, which probably check returns from "them" to make sure the
>> correct cert has been seen from "their" server.
>>
>> > They have now updated their certificate and sent it to us.
>> > But I do not know how or where to update this on our system.  Do I need to
>> > do something with the keystore?  Are there resources online which will give
>> > me the how-tos on this?  I've googled around and only managed to confuse
>> > myself further.
>> >
>>
>> I think it'll stay confusing until you answer the above question.  You'll
>> have to find / create / mind-read the documentation about which part of the
>> system needs to know about which certificates.  I suspect finding that out,
>> or simply finding the architecture diagram that shows what apps are hosted
>> in what containers and how they communicate, would be very useful to you!
>>
>> Once you've got more information, you can then ask far more targeted
>> questions.  They might be of the Tomcat users if that's relevant, or they
>> might be of some other group that knows about the technology in your B2B
>> webapps.
>>
>> Hope that helps.  I'm not trying to fob you off; I just think we all need
>> some more information about what's on the box!
>>
>> - Peter
>>
>
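
The keytool error quoted in this thread can be reproduced in a scratch keystore. The script below is an added example, not part of the original messages. It assumes that `tomcat` is the alias of the server's own private-key entry, in which case keytool treats an import onto that alias as a certificate reply for that key and compares public keys. The `partner` alias, file names, DNs and password are constructed for the demo.

```shell
#!/bin/sh
# Added example: scratch keystores only. The "partner" alias, file names,
# DNs and the password are constructed for this demo.
PASS=changeit
ERR="Public keys in reply and keystore don't match"

# Creates a keystore holding one self-signed key pair under the given alias.
make_keystore() {  # $1 = keystore file, $2 = alias, $3 = CN
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=$3" -keystore "$1" -storepass "$PASS" -keypass "$PASS" \
        >/dev/null 2>&1
}

# Prints the entry type keytool reports for an alias.
entry_type() {  # $1 = keystore file, $2 = alias
    keytool -list -alias "$2" -keystore "$1" -storepass "$PASS" 2>/dev/null |
        grep -o -e 'PrivateKeyEntry' -e 'trustedCertEntry' | head -n 1
}

# Returns 0 when the import onto "tomcat" fails with the error from the thread
# and the import under a new alias adds a trusted-certificate entry.
demo_partner_import() {
    dir=$(mktemp -d) || return 1
    ks="$dir/ours.ks"; der="$dir/partner.der"; rc=0
    make_keystore "$ks" tomcat ours.example || rc=1
    make_keystore "$dir/theirs.ks" partner partner.example || rc=1
    keytool -exportcert -alias partner -file "$der" \
        -keystore "$dir/theirs.ks" -storepass "$PASS" >/dev/null 2>&1 || rc=1

    # Assumption: "tomcat" is our own key entry, so this import is handled as
    # a certificate reply for our key and the public keys are compared.
    wrong=$(keytool -importcert -trustcacerts -noprompt -alias tomcat \
        -file "$der" -keystore "$ks" -storepass "$PASS" 2>&1)
    echo "import as alias tomcat:  $wrong"
    case "$wrong" in *"$ERR"*) ;; *) rc=1 ;; esac

    # A new alias stores the partner certificate as its own trusted entry
    # and leaves the server's key entry untouched.
    keytool -importcert -noprompt -alias partner -file "$der" \
        -keystore "$ks" -storepass "$PASS" >/dev/null 2>&1 || rc=1
    echo "alias partner is now:    $(entry_type "$ks" partner)"
    echo "alias tomcat is still:   $(entry_type "$ks" tomcat)"
    [ "$(entry_type "$ks" partner)" = trustedCertEntry ] || rc=1
    [ "$(entry_type "$ks" tomcat)" = PrivateKeyEntry ] || rc=1
    rm -rf "$dir"
    return "$rc"
}
```

Source the file and call `demo_partner_import` on a machine with a JDK on the PATH. Running `keytool -list -v` against the real keystore shows whether `tomcat` is a PrivateKeyEntry there.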
