I’m importing a SSL certificate to use in Tomcat in my keystore using keytool and it fails with “Public keys in reply and keystore don’t match”
Problem might be declared by the fact that I created a new keystore after I accidentaly removed the old keystore file which I used from my CSR.
Now I received a .crt file and a .ca file. What’s the best way to make SSL work under tomcat in my case now ?
Thanks in advance,
Bas
Your private key was in the keystore you accidently deleted. Public and private key must match, you cannot create one without the other.
(I’m cutting a few corners to keep it short)
The CSR has details about your public key. It is signed by an certificate authority (CA), and package it in a certificate. The private key is not sent to the CA.
So if you generated a new private-public key pair after deleting the original keystore, the public key you now have is not the one in the certificate you received. Even if there was a way to force the public key in there, the cryptography would not work.
You now have two choices :
- Restore a backup and get the old keystore back
- Make a new request
Check more discussion of this question.
