
"Public keys in reply and keystore don't match trying to import" new GoDaddy certs and gd certs


We have a working Openfire with SSL/TLS, but our certificate expired and now we wanted to renew it. It is signed by GoDaddy.

I followed these steps:

keytool -genkey -alias mydomain.tld -keyalg RSA -keysize 2048 -keystore keystore.new

I entered my data for CN, OU, O etc. and entered my password for the keystore.

When I list the keystore content using keytool, I see that my new private key is there.

Then I generated my new CSR file this way:

keytool -certreq -keystore keystore.new -alias mydomain.tld -file mydomain.tld.csr

I used this CSR file to get a signed GoDaddy cert.

I received the cert with gd_intermediate.crt, gd_cross_intermediate.crt and gd_cross_intermediate.crt certs.

Then I tried to import the gd certs first, this way:

keytool -import -keystore keystore.new -alias mydomain.tld -file gd_intermediate.crt

But then I get this error:

keytool error: java.lang.Exception: Public keys in reply and keystore don't match

I also get this when I try to import gd_cross_intermediate.crt.

I checked the alias that I typed several times to make sure that it was correct, and it was.

How do I fix this problem and what can I do?

OK, I got it. I found out that I need to use different aliases when I import these root certs from GoDaddy. This is why keytool returned this error.
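
The fix described above, as an added example that is not part of the original thread: only the certificate whose public key matches the CSR belongs under the private key's alias, and every CA certificate gets an alias of its own. It assumes PEM files and openssl on the PATH; the function names and the filename-derived aliases are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Assumes PEM files and openssl on PATH.
# Function names and filename-derived CA aliases are hypothetical.

# Print the public key of a CSR ($1=req) or certificate ($1=x509) in file $2.
pubkey_of() {
    openssl "$1" -in "$2" -noout -pubkey 2>/dev/null
}

# alias_for KEY_ALIAS CSR CERT
# Prints KEY_ALIAS when CERT carries the CSR's public key (the certificate
# reply); otherwise prints an alias derived from the file name (a CA cert).
alias_for() {
    local key_alias=$1 csr=$2 cert=$3 want got
    want=$(pubkey_of req "$csr") || return 2
    got=$(pubkey_of x509 "$cert") || return 2
    [ -n "$want" ] && [ -n "$got" ] || return 2
    if [ "$want" = "$got" ]; then
        printf '%s\n' "$key_alias"
    else
        basename "$cert" | sed 's/\.[^.]*$//'
    fi
}

# import_plan KEYSTORE KEY_ALIAS CSR CERT...
# Prints the keytool commands in a safe order: CA certificates first, each
# under its own alias, then the reply under the private key's alias.
import_plan() {
    local ks=$1 key_alias=$2 csr=$3 cert a reply=""
    shift 3
    for cert in "$@"; do
        a=$(alias_for "$key_alias" "$csr" "$cert") || {
            echo "cannot read a public key from $csr or $cert" >&2; return 2; }
        if [ "$a" = "$key_alias" ]; then
            reply=$cert
        else
            printf 'keytool -import -keystore %s -alias %s -file %s\n' "$ks" "$a" "$cert"
        fi
    done
    [ -n "$reply" ] || { echo "no file matches the CSR public key" >&2; return 1; }
    printf 'keytool -import -keystore %s -alias %s -file %s\n' "$ks" "$key_alias" "$reply"
}

# Print the plan when called with arguments, e.g.:
#   ./plan.sh keystore.new mydomain.tld mydomain.tld.csr *.crt
if [ "$#" -ge 4 ]; then import_plan "$@"; fi
```

If no file matches the CSR key, the signed certificate itself is missing from the set, and importing any of the remaining files under the key's alias would reproduce the error from the question.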

What server type did you use to download the cert at GoDaddy?