tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cybulski, Adam M" <acybul...@albany.edu>
Subject RE: Alias name does not identify a key entry
Date Tue, 26 Jun 2018 18:08:20 GMT
>Did you re-create your private key? I hope you kept a backup otherwise you might have to
get your CA >to re-sign the certificate from scratch.
>If they try to charge you again just say "my key has been compromised and I'd like a replacement".
They >should do it for free.

I did recreate it, I'll do a whole new request rather than an update request. We have an education
license, so it's not coming out of my budget!

-----Original Message-----
From: Christopher Schultz <chris@christopherschultz.net> 
Sent: Tuesday, June 26, 2018 2:06 PM
To: users@tomcat.apache.org
Subject: Re: Alias name does not identify a key entry

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Adam,

On 6/26/18 1:32 PM, Cybulski, Adam M wrote:
> Hi Chris, Thanks for the help,
> 
>>> keytool -import -alias meg -keystore c:\Tomcat8\meg.keystore -file 
>>> "C:\Tomcat8\meg_library_albany_edu_cert.cer"
>> That last step should have been to import using the same alias as the 
>> first step. That will update the self-signed >certificate with the 
>> CA-signed certificate.
> 
> I deleted the keystore and the certs and started over so there 
> wouldn't be any garbage data in it, I followed all the same steps as 
> before, but when I get to this one I used the command:
> 
> keytool -import -alias tomcat -keystore c:\Tomcat8\meg.keystore -file 
> "C:\Tomcat8\meg_library_albany_edu_cert.cer"
> 
> It returned the error: keytool error: java.lang.Exception: Failed to 
> establish chain from reply

Did you re-create your private key? I hope you kept a backup otherwise you might have to get
your CA to re-sign the certificate from scratch.
If they try to charge you again just say "my key has been compromised and I'd like a replacement".
They should do it for free.

>>> Any help you can give me in resolving this error is greatly 
>>> appreciated.
> 
>> You should switch from JKS/JCEKS to PKCS12 keystores, since those 
>> Java-specific ones are being deprecated and >(not quickly enough) 
>> dropped from Java.
> 
> Can you aim me at a guide to this? The steps I've been following are 
> just from whatever I've found online. Most of the articles seem pretty 
> dated.

No particular guide (other than the one Mark posted in reply). To use
PKCS12 files, just add "-storetype PKCS12" to every command you execute. Otherwise, the default
is the JKS "Java KeyStore" keystore type .

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsygIUACgkQHPApP6U8
pFjTKg/+JnQsmqcgOCStpBbJSy3Uh4gYrFWCKWEu3EzJJ7cOxoFDY5SbCNV27D+8
3QgTwQF2wyJOF63fQqyRD8vJrUBavIeIDQyvXyQqOD3OPHR9SgESkTthUEbqjLjM
D83DtogUEvE4IPyeuguticYmETGaIrHvvU27jyYJcNNSjTYHS/iJQQifD/vbyaBS
TsTzDYtT2h4B+nd+oEPEBr2c0jeUwf1fCghp4fVGspFVccFze0LZpYrqoi4K/op1
xyoCnS5H9vDfSpC3DlJZVgEWWQ6vEgSSG8E66IdLxk591QkfK3DzuyRpqglyDVdE
i7fexaVYlQ5lvEQzYOOFktrfteCJDOBZTCXRxvGqfspwG0sjbejR/cSfL4/cD2Xx
1EEotZ8LrfxhoUKpm9hxdRMRaUHlaUrAHLyupacx/MKqVZA5SIlD7pLpA7+iSzfF
uI1eYWJWVjqLZEWVx2JWpKZNOPJ0R95hRRMLCOgG9n0JiFTAup4Mcrirt8GJgNyq
HHP5mUo3yMfqhy73tu0kaXTfkFyeCSdNtZhrq1Rat4MtlGaXpuvm8K/HLFXYndAr
nd0pBuVN0e5TesRk3/5pxiToYZcSoGeTW6sqMgnqj2tFCAvAWKtA4bVtb1lG7Wp2
mpYbkRLntVw05zN9ThLfNTJXVTx1f9LDT91/NSh61r4SbcN3v8A=
=WIvh
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Mime
View raw message