we have working openfire with SSL/TLS, but our certificate expired and now we wanted to renew it. It is signed from GoDaddy.
I followed these steps:
keytool -genkey -alias mydomain.tld -keyalg RSA -keysize 2048 -keystore keystore.new
i entered my data for CN, OU, O etc.... and entered my password for keystore.
When i list keystore content using keytool i see that my new private key is there.
Then generated my new CSR file this way:
keytool -certreq -keystore keystore.new -alias mydomain.tld -file mydomain.tld.csr
I used this CSR file to get signed GoDaddy cert.
I received the cert with gd_intermediate.crt, gd_cross_intermediate.crt and gd_cross_intermediate.crt certs.
Then i tried to import first gd certs this way:
keytool -import -keystore keystore.new -alias mydomain.tld -file gd_intermediate.crt
But then i get this error:
keytool error: java.lang.Exception: Public keys in reply and keystore don't match
i get this when i try to import also gd_cross_intermediate.crt.
I checked several times alias that typed to make sure that it is correct and it was.
How to fix this problem and what can i do?