2 Replies Latest reply on Apr 17, 2010 1:21 PM by jwhitepnv

    "Public keys in reply and keystore don't match trying to import" new GoDaddy certs and gd certs.

    anebi Bronze

      Hi,

       

      We have a working Openfire with SSL/TLS, but our certificate expired and now we wanted to renew it. It is signed by GoDaddy.

       

      I followed these steps:

       

      keytool -genkey -alias mydomain.tld -keyalg RSA -keysize 2048 -keystore keystore.new

       

      I entered my data for CN, OU, O etc. and entered my password for the keystore.

       

      When I list the keystore content using keytool, I see that my new private key is there.

       

      Then I generated my new CSR file this way:

       

      keytool -certreq -keystore keystore.new -alias mydomain.tld -file mydomain.tld.csr

       

      I used this CSR file to get a signed GoDaddy cert.

       

      I received the cert with the gd_intermediate.crt, gd_cross_intermediate.crt and gd_cross_intermediate.crt certs.

       

      Then I tried to import the gd certs first, this way:

       

      keytool -import -keystore keystore.new -alias mydomain.tld -file gd_intermediate.crt

       

      But then i get this error:

       

      keytool error: java.lang.Exception: Public keys in reply and keystore don't match

       

      I also get this when I try to import gd_cross_intermediate.crt.

       

      I checked the alias that I typed several times to make sure that it is correct, and it was.

       

      How can I fix this problem, and what can I do?
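
An added example, not part of the original post: when `keytool -import` is given the alias of an existing private-key entry, it treats the file as the certificate reply for that key and compares public keys, so a CA certificate imported under `mydomain.tld` fails with the error quoted above. The script reproduces that comparison with `openssl` on a constructed sample PKI; the function names, the `ca.*`/`srv.*` file names, the `gd_intermediate` alias and `<signed-cert>` are assumptions.

```sh
#!/bin/sh
# Added example. ca.crt / srv.csr / srv.crt are constructed stand-ins for
# gd_intermediate.crt, mydomain.tld.csr and the signed server certificate.

# SHA-256 over the PEM public key inside a CSR ("req") or certificate ("x509").
pubkey_fp() {  # usage: pubkey_fp req|x509 FILE
  pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# True only if CERT carries the same public key as CSR. An unreadable file is
# a failure, never a match.
is_reply_for() {  # usage: is_reply_for CERT CSR
  a=$(pubkey_fp x509 "$1") && b=$(pubkey_fp req "$2") && [ "$a" = "$b" ]
}

# Says which kind of keytool import fits CERT, given the CSR that was sent.
classify() {  # usage: classify CERT CSR
  pubkey_fp x509 "$1" >/dev/null || { echo "error: unreadable certificate"; return 1; }
  if is_reply_for "$1" "$2"; then
    echo "reply: import under the key alias"
  else
    echo "ca: import under its own alias"
  fi
}

# Builds the constructed sample PKI in DIR: a CA, a server CSR, the issued cert.
make_demo_pki() {  # usage: make_demo_pki DIR
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
      -subj "/CN=Demo Intermediate CA" -days 1 &&
    openssl req -new -newkey rsa:2048 -nodes -keyout srv.key -out srv.csr \
      -subj "/CN=mydomain.tld" &&
    openssl x509 -req -in srv.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -out srv.crt -days 1 ) >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) && make_demo_pki "$d" || return 1
  classify "$d/ca.crt" "$d/srv.csr"    # the CA cert does not answer the CSR
  classify "$d/srv.crt" "$d/srv.csr"   # the issued cert does
  rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi

# Matching import order (gd_intermediate alias and <signed-cert> are placeholders):
#   keytool -import -trustcacerts -keystore keystore.new -alias gd_intermediate -file gd_intermediate.crt
#   keytool -import -keystore keystore.new -alias mydomain.tld -file <signed-cert>
```

Run the script with the argument `demo` to see both classifications on the generated files.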