tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Uctaa <duc...@gmail.com>
Subject Re: How to install an updated third party SSL certificate for B2B transactions
Date Wed, 09 Sep 2009 16:12:51 GMT
Gee thanks, I didn't think to Google answers first, that suggestion was very
helpful.

I actually did Google it and read the threads that came up under such
searches.  There were very few threads, and most of them were completely
unanswered.  Those that were answered did not pertain to my circumstance.

A followup question:  If I import certificates to my .keystore file for use
by processes running under Tomcat, do they need to be under the "tomcat"
alias in my .keystore?  Or should each certificate be entered under a
different alias?

On Wed, Sep 9, 2009 at 11:33 AM, Serge Fonville <serge.fonville@gmail.com>wrote:

> Hi,
>
> > keytool error: java.lang.Exception: Public keys in reply and keystore
> don't
> > match
>
> http://lmgtfy.com/?q=Public+keys+in+reply+and+keystore+don%27t+match&l=1
>
> Start with that, read the thread and maybe it helps
>
> HTH
>
> Regards,
>
> Serge Fonville
>
> On Wed, Sep 9, 2009 at 5:07 PM, David Uctaa <ductaa@gmail.com> wrote:
> > I believe all I need to do is import the new certificate into the
> keystore.
> > The certificate from our trading partner appears to be getting used for
> > verifying data which has been signed by them and sent to us.
> >
> > So I execute the following statement to try to import the new
> certificate:
> >
> > keytool -import -trustcacerts -file <path_to_file_with_.der_extension>
> > -keystore .keystore
> >  -alias tomcat
> >
> > I am asked for the keystore password, and I enter it
> >
> > I then receive the following error:
> >
> > keytool error: java.lang.Exception: Public keys in reply and keystore
> don't
> > match
> >
> > Thoughts on what I'm doing wrong?
> >
> > Many thanks.
> > On Tue, Sep 8, 2009 at 10:20 AM, Peter Crowther <
> peter.crowther@melandra.com
> >> wrote:
> >
> >> 2009/9/8 David Uctaa <ductaa@gmail.com>
> >>
> >> > I have inherited a Tomcat 5.5 installation running on Windows XP.
>  There
> >> > are
> >> > processes on this box which do server-to-server connections with a
> third
> >> > party via HTTPS over SSL.  We have installed the third party's SSL
> >> > certificate on our server, and they have done likewise with ours.  We
> use
> >> > their certificate for recognizing messages that they have signed and
> >> > encrypted, etc.
> >>
> >>
> >> OK.  So the first step is to work out what piece of code uses "their"
> >> certificate.
> >>
> >> It's unlikely to be Tomcat, which probably uses "your" certificate to
> >> identify itself to "them" - but it's possible.
> >>
> >> It's more likely to be one or more B2B web applications (webapps)
> running
> >> inside Tomcat, which probably check returns from "them" to make sure the
> >> correct cert has been seen from "their" server.
> >>
> >>  They have now updated their certificate and sent it to us.
> >> > But I do not know how or where to update this on our system.  Do I
> need
> >> to
> >> > do something with the keystore?  Are there resources online which will
> >> give
> >> > me the how-tos on this?  I've googled around and only managed to
> confuse
> >> > myself further.
> >> >
> >>
> >> I think it'll stay confusing until you answer the above question.
>  You'll
> >> have to find / create / mind-read the documentation about which part of
> the
> >> system needs to know about which certificates.  I suspect finding that
> out,
> >> or simply finding the architecture diagram that shows what apps are
> hosted
> >> in what containers and how they communicate, would be very useful to
> you!
> >>
> >> Once you've got more information, you can then ask far more targeted
> >> questions.  They might be of the Tomcat users if that's relevant, or
> they
> >> might be of some other group that knows about the technology in your B2B
> >> webapps.
> >>
> >> Hope that helps.  I'm not trying to fob you off; I just think we all
> need
> >> some more information about what's on the box!
> >>
> >> - Peter
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message