cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution

Tomcat SSL Install Error "Public keys in reply and keystore don't match"

I have successfully installed my Tomcat SSL certificate for years with these Java commands:

 

keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
keytool -certreq -keyalg RSA -alias tomcat -file my.csr -keystore tomcat.keystore
keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gd_bundle-g2-g1.crt
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file my.crt

 

But last week I ran these commands got this Java error:

"Public keys in reply and keystore don't match"

 

I assumed that the problem was mine and spent many many hours trying to fix that error.

I finally came to the conclusion that the error was with the crt file and the problem GoDaddy's fault.

I downloaded the "Other" zip file instead of the "Tomcat" zip file.

I reran the my.crt import command and problem solved!

 

1 REPLY 1
Highlighted
Solution

Re: Tomcat SSL Install Error "Public keys in reply and keystore don't match"

Hmmmm....for what it's worth I ran into the exact same problem and using the Other.zip worked for me as well!

 

I'm a novice at SSL certificates but I followed the GoDaddy instructions for Tomcat to the letter for generating a Keystore and CSR ( https://www.godaddy.com/help/tomcat-generate-csrs-and-install-certificates-5239 )

 

Once my certificate was ready I downloaded the zip for Tomcat and ran into the "keytool error: java.lang.exception: public keys in reply and keystore don't match" error when attempting to import my certificate using -alias tomcat

 

I used the Other.zip, imported both the root bundle and my certificate with no errors and my browser shows no problem with the certificate.