tomcat-users mailing list archives

From Serge Fonville <>
Subject Re: How to install an updated third party SSL certificate for B2B transactions
Date Wed, 09 Sep 2009 15:33:01 GMT

> keytool error: java.lang.Exception: Public keys in reply and keystore don't
> match

Start with that, read the thread and maybe it helps



Serge Fonville

On Wed, Sep 9, 2009 at 5:07 PM, David Uctaa <> wrote:
> I believe all I need to do is import the new certificate into the keystore.
> The certificate from our trading partner appears to be getting used for
> verifying data which has been signed by them and sent to us.
> So I execute the following statement to try to import the new certificate:
> keytool -import -trustcacerts -file <path_to_file_with_.der_extension> -keystore .keystore -alias tomcat
> I am asked for the keystore password, and I enter it
> I then receive the following error:
> keytool error: java.lang.Exception: Public keys in reply and keystore don't
> match
> Thoughts on what I'm doing wrong?
> Many thanks.
> On Tue, Sep 8, 2009 at 10:20 AM, Peter Crowther <> wrote:
>> 2009/9/8 David Uctaa <>
>> > I have inherited a Tomcat 5.5 installation running on Windows XP.  There are
>> > processes on this box which do server-to-server connections with a third
>> > party via HTTPS over SSL.  We have installed the third party's SSL
>> > certificate on our server, and they have done likewise with ours.  We use
>> > their certificate for recognizing messages that they have signed and
>> > encrypted, etc.
>> OK.  So the first step is to work out what piece of code uses "their"
>> certificate.
>> It's unlikely to be Tomcat, which probably uses "your" certificate to
>> identify itself to "them" - but it's possible.
>> It's more likely to be one or more B2B web applications (webapps) running
>> inside Tomcat, which probably check returns from "them" to make sure the
>> correct cert has been seen from "their" server.
>> > They have now updated their certificate and sent it to us.
>> > But I do not know how or where to update this on our system.  Do I need to
>> > do something with the keystore?  Are there resources online which will give
>> > me the how-tos on this?  I've googled around and only managed to confuse
>> > myself further.
>> >
>> I think it'll stay confusing until you answer the above question.  You'll
>> have to find / create / mind-read the documentation about which part of the
>> system needs to know about which certificates.  I suspect finding that out,
>> or simply finding the architecture diagram that shows what apps are hosted
>> in what containers and how they communicate, would be very useful to you!
>> Once you've got more information, you can then ask far more targeted
>> questions.  They might be of the Tomcat users if that's relevant, or they
>> might be of some other group that knows about the technology in your B2B
>> webapps.
>> Hope that helps.  I'm not trying to fob you off; I just think we all need
>> some more information about what's on the box!
>> - Peter
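
Added example, not part of the thread and not code from any poster: keytool treats `-import` onto an alias that already holds a key pair as a CA reply for that key and compares public keys, which produces the error quoted above; a partner's certificate belongs under its own alias as a trusted-cert entry. The sketch assumes `tomcat` is the server's own key entry; the listing, the `partner-*` aliases and `partner.der` are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample of `keytool -list -keystore .keystore` output (not from
# the thread). Older JDKs print "keyEntry" instead of "PrivateKeyEntry"; the
# date format is locale dependent.
SAMPLE_LIST='Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

tomcat, Sep 1, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01
partner-2008, Sep 1, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:02'

# entry_type LISTING ALIAS -> prints the entry type of ALIAS, or "absent".
# JKS aliases are case-insensitive, so compare in lower case.
entry_type() {
    printf '%s\n' "$1" | awk -F', ' -v a="$2" '
        NF >= 3 && tolower($1) == tolower(a) {
            t = $NF; sub(/,$/, "", t); print t; found = 1; exit
        }
        END { if (!found) print "absent" }'
}

# import_plan LISTING ALIAS -> prints refuse | replace | import
import_plan() {
    case "$(entry_type "$1" "$2")" in
        PrivateKeyEntry|keyEntry)
            # Importing here is read as a certificate reply for this key
            # pair: "Public keys in reply and keystore don't match".
            echo refuse ;;
        trustedCertEntry)
            echo replace ;;  # old trusted cert: delete it or use a new alias
        absent)
            echo import ;;   # free alias: becomes a trustedCertEntry
        *)
            echo refuse ;;   # unknown entry type: do not overwrite
    esac
}

# Against a real keystore (placeholder names):
#   listing=$(keytool -list -keystore .keystore)
#   [ "$(import_plan "$listing" partner-2009)" = import ] &&
#     keytool -import -file partner.der -keystore .keystore -alias partner-2009
for a in tomcat partner-2008 partner-2009; do
    printf '%s -> %s\n' "$a" "$(import_plan "$SAMPLE_LIST" "$a")"
done
```

Whether `.keystore` is the store the B2B webapp actually reads for partner certificates is the open question Peter raises; the check only prevents overwriting or colliding with an existing entry.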
