Error while Importing public certificate to a keystore


Solution 1

I think you are not properly following the certificate signing process. Check out this discussion https://forums.oracle.com/thread/1533940 to implement it properly by following the steps below:

  1. Create a keystore (this generates a keystore and a key (DC) with the alias "mykey"):
     keytool -genkey -keyalg RSA -keystore test.keystore -validity 360

  2. Create a Certificate Signing Request (CSR) (this generates a text CSR file):
     keytool -certreq -keyalg RSA -file test.csr -keystore test.keystore

  3. Have a signed cert generated: http://www.instantssl.com/ssl-certificate-support/csr_generation/ssl-certificate-index.html

  4. Import the signed certificate (watch out for CRLFs if pasting the signed cert from step 3):
     keytool -import -alias newkey -file <signed cert file> -keystore test.keystore
     (is it important that this has an alias different from step 1, which defaults to "mykey"?)

  5. Export the public key for client usage:
     keytool -export -alias mykey -file test.publickey -keystore test.keystore

On the server system:

  6. Create a truststore (this generates a keystore and a key (DC) with the alias "mykey"):
     keytool -genkey -keyalg RSA -keystore test.truststore -validity 360

  7. Import the public key, for testing the SSL SOAP service via a client:
     keytool -import -file test.publickey -keystore test.truststore

The problem was letting the alias in steps 1 and 6 default to "mykey". When I changed step 6 to be:

     keytool -genkey -alias testAlias -keyalg RSA -keystore test.truststore -validity 360

you can import using step 7 above (though I did add "-alias apublickey" in step 7). This worked for me.

Solution 2

You can use the KeyStore Explorer GUI tool to generate a keystore/certificate and to import/export certificates into a keystore.

Solution 3

Please change the alias from tomcat to any other, as you are using the same alias for the keystore -genkey.
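The full cycle from Solution 1 and the alias change from Solution 3, as an added example that is not part of any answer on this page: the script below creates a throwaway CA with openssl in place of the commercial CA, generates the keystore, CSR and CA reply, imports the CA certificate under its own alias and the reply under the key pair's alias, then reproduces the exact error from the question by importing a certificate issued for a different key under that same alias, and finally imports that foreign certificate under a new alias. The password, subject names, aliases and file names are constructed demo values; the script assumes keytool (any JDK) and openssl are on PATH.

```shell
#!/bin/sh
# Added example (not from the original page): keystore -> CSR -> CA reply ->
# import cycle with a throwaway local CA, then the two outcomes of importing a
# certificate that was issued for a key this keystore never held.
# Assumes keytool and openssl are on PATH. All names/passwords are demo values.
set -eu

PASS=changeit                       # demo-only password

# Throwaway CA that stands in for the commercial CA of step 3.
make_test_ca() {                    # $1 = work dir
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=Demo Test CA" -keyout "$1/ca.key" -out "$1/ca.pem" >/dev/null 2>&1
}

# Step 1: keystore holding a fresh RSA key pair under an explicit alias.
make_keystore() {                   # $1 = keystore, $2 = alias
  keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 360 \
    -dname "CN=localhost, O=Demo" -storetype PKCS12 \
    -keystore "$1" -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1
}

# Step 2: CSR for that key pair (the alias selects which key is used).
make_csr() {                        # $1 = keystore, $2 = alias, $3 = csr file
  keytool -certreq -alias "$2" -file "$3" -keystore "$1" -storepass "$PASS" >/dev/null 2>&1
}

# Step 3: the CA signs the CSR; the reply certifies the public key from the CSR.
sign_csr() {                        # $1 = work dir, $2 = csr, $3 = out cert
  openssl x509 -req -in "$2" -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
    -days 30 -sha256 -out "$3" >/dev/null 2>&1
}

# Step 4: import a certificate and report how keytool treated it.
#   alias already holds a key pair -> keytool treats the file as a CA reply and
#                                     requires its public key to match that key pair
#   new alias                      -> stored as a trusted certificate, no private key
import_cert() {                     # $1 = keystore, $2 = alias, $3 = cert file
  out=$(keytool -importcert -noprompt -alias "$2" -file "$3" \
          -keystore "$1" -storepass "$PASS" 2>&1) || true
  case "$out" in
    *"was installed in keystore"*)                      echo installed ;;
    *"Public keys in reply and keystore don't match"*)  echo public-keys-differ ;;
    *"was added to keystore"*)                          echo trusted-only ;;
    *)                                                  echo "other: $out" ;;
  esac
}

# Entry type behind an alias: PrivateKeyEntry (usable for TLS) or trustedCertEntry.
entry_type() {                      # $1 = keystore, $2 = alias
  keytool -list -alias "$2" -keystore "$1" -storepass "$PASS" 2>/dev/null \
    | grep -o -E 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

run_demo() {
  w=$(mktemp -d)
  ks="$w/server.p12"
  make_test_ca "$w"
  make_keystore "$ks" tomcat
  make_csr "$ks" tomcat "$w/server.csr"
  sign_csr "$w" "$w/server.csr" "$w/server-cert.pem"

  # The issuer must be in the keystore (under its own alias) or keytool cannot
  # build the chain for the reply; then the reply goes on the key pair's alias.
  import_cert "$ks" demo-ca "$w/ca.pem" >/dev/null
  r1=$(import_cert "$ks" tomcat "$w/server-cert.pem")

  # A certificate for a key this keystore never held, i.e. one that did not
  # come from this keystore's CSR (constructed here as a self-signed cert).
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=localhost" -keyout "$w/other.key" -out "$w/other-cert.pem" >/dev/null 2>&1
  r2=$(import_cert "$ks" tomcat "$w/other-cert.pem")

  # "Change the alias": the import now succeeds, but only as a trusted cert.
  r3=$(import_cert "$ks" other-cert "$w/other-cert.pem")
  t3=$(entry_type "$ks" other-cert)

  rm -rf "$w"
  echo "reply-on-key-alias=$r1 foreign-cert-on-key-alias=$r2 foreign-cert-on-new-alias=$r3/$t3"
}

if command -v keytool >/dev/null 2>&1 && command -v openssl >/dev/null 2>&1; then
  DEMO_RESULT=$(run_demo)
else
  DEMO_RESULT="skipped: keytool and openssl must be on PATH"
fi
echo "$DEMO_RESULT"
```

Run it with sh; it prints one line with the three outcomes. What the run shows: keytool accepts a file imported onto a key-pair alias only when that certificate carries exactly the public key the alias holds, so a certificate the CA issued for some other key (anything not produced from this keystore's CSR) fails with "Public keys in reply and keystore don't match"; the issuer certificate has to be imported as a trusted entry first or keytool cannot build the chain for the reply; and importing the foreign certificate under a new alias does succeed, but as a trustedCertEntry with no private key behind it, which a server cannot use to terminate TLS.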

Author by DanMatlin
Updated on May 25, 2020

Comments

  • DanMatlin
    DanMatlin almost 4 years

    I have a public certificate from a CA. I want to create a Java SSL connection using this certificate. I referred to How can I use different certificates on specific connections? and Java SSL connection with self-signed certificate without copying complete keystore to client. From this I understand that I need to import the certificate into a keystore. However, I haven't received any keystore from the CA. I created a keystore and tried to import the public certificate into it. But then I get the following error:

    keytool error: java.lang.Exception: Public keys in reply and keystore don't match

    Do I need a keystore from the CA, or am I doing something wrong?


    Command used to create the keystore:

    keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks
    

    Command used to import the cert:

    keytool -import -v -alias tomcat -file signed-cert.pem -keystore keystore.jks
    
  • Numan Karaaslan
    Numan Karaaslan almost 4 years
    I made the same mistake. That error message is ridiculous. Thanks :D