2 Replies Latest reply on Apr 17, 2010 1:21 PM by jwhitepnv

    "Public keys in reply and keystore don't match trying to import" new GoDaddy certs and gd certs.




      We have a working Openfire with SSL/TLS, but our certificate expired and now we want to renew it. It is signed by GoDaddy.


      I followed these steps:


      keytool -genkey -alias mydomain.tld -keyalg RSA -keysize 2048 -keystore keystore.new


      I entered my data for CN, OU, O, etc. and entered my password for the keystore.


      When I list the keystore content using keytool, I see that my new private key is there.


      Then I generated my new CSR file this way:


      keytool -certreq -keystore keystore.new -alias mydomain.tld -file mydomain.tld.csr


      I used this CSR file to get the signed GoDaddy cert.


      I received the cert with gd_intermediate.crt, gd_cross_intermediate.crt and gd_cross_intermediate.crt certs.


      Then I first tried to import the gd certs this way:


      keytool -import -keystore keystore.new -alias mydomain.tld -file gd_intermediate.crt


      But then I get this error:


      keytool error: java.lang.Exception: Public keys in reply and keystore don't match


      I get this when I try to import gd_cross_intermediate.crt as well.


      I checked the alias that I typed several times to make sure that it was correct, and it was.


      How can I fix this problem, and what can I do?