Conflicts OpenSSL versus KeyTool
843811Jan 23 2004 — edited Mar 3 2004Hi all,
I am running two web servers on the same Linux machine.
1) is running Apache 1.3.19 and,
2) Jakarta-Tomcat-4.0.5.
I have been able to successfully import and configure a DigitalCertificate from Verisign into the Apache web server.
When I attempt to import the Digital Certificate into the keystore forTomcat I receive the following error
message:
keytool error: java.lang.Exception: Public keys in reply and keystoredon't match
Here are the steps that I have been following:
To generate the original csar:
# openssl req -new -nodes -keyout private.key -out public.csr
# openssl rsa -in private.key -des3 -out secureprivate.key
To import the file into Tomcat I did the following:
# keytool -genkey -alias tomcat -keyalg RSA
(This created the keystore in the home directory)
# keytool -import -alias root -keystore .keystore -trustcacerts -file /etc/httpd/ssl.crt/intermediate.crt
(The chain certificate from Verisign)
# keytool -import -alias tomcat -keystore .keystore -trustcacerts -file/etc/httpd/ssl.crt/server.crt
Enter keystore password: changeit
QUESTIONS:==========
1) Is there a way to import this CAcertificate into a keystore that wasgenerated using keytool, when the original CSR was generated usingOpenSSL?
2) Can i import RSA key generated with openSSL, into a new keystore made with keytool? I want to import the server.crt (signed from Verisign) to my keystore using keytool.
-> I have read http://marc.theaimsgroup.com/?l=tomcat-user&m=106293430225790&w=2 and i have done all the steps until Step 11. Using IExplorer 6 (windows XP SP1) going to jakarta's app url, the browser Can't find the site, and in the bottom of the page shows little message: "Can't find the name server in DNS" (without error number), but the same URL using Mozilla shows validate Certificate window.
Thanks in advance,
Ignacio Barrancos