I believe all I need to do is import the new certificate into the keystore. The certificate from our trading partner appears to be getting used for verifying data which has been signed by them and sent to us.
So I execute the following statement to try to import the new certificate: keytool -import -trustcacerts -file <path_to_file_with_.der_extension> -keystore .keystore -alias tomcat I am asked for the keystore password, and I enter it I then receive the following error: keytool error: java.lang.Exception: Public keys in reply and keystore don't match Thoughts on what I'm doing wrong? Many thanks. On Tue, Sep 8, 2009 at 10:20 AM, Peter Crowther <peter.crowt...@melandra.com > wrote: > 2009/9/8 David Uctaa <duc...@gmail.com> > > > I have inherited a Tomcat 5.5 installation running on Windows XP. There > > are > > processes on this box which do server-to-server connections with a third > > party via HTTPS over SSL. We have installed the third party's SSL > > certificate on our server, and they have done likewise with ours. We use > > their certificate for recognizing messages that they have signed and > > encrypted, etc. > > > OK. So the first step is to work out what piece of code uses "their" > certificate. > > It's unlikely to be Tomcat, which probably uses "your" certificate to > identify itself to "them" - but it's possible. > > It's more likely to be one or more B2B web applications (webapps) running > inside Tomcat, which probably check returns from "them" to make sure the > correct cert has been seen from "their" server. > > They have now updated their certificate and sent it to us. > > But I do not know how or where to update this on our system. Do I need > to > > do something with the keystore? Are there resources online which will > give > > me the how-tos on this? I've googled around and only managed to confuse > > myself further. > > > > I think it'll stay confusing until you answer the above question. You'll > have to find / create / mind-read the documentation about which part of the > system needs to know about which certificates. I suspect finding that out, > or simply finding the architecture diagram that shows what apps are hosted > in what containers and how they communicate, would be very useful to you! > > Once you've got more information, you can then ask far more targeted > questions. They might be of the Tomcat users if that's relevant, or they > might be of some other group that knows about the technology in your B2B > webapps. > > Hope that helps. I'm not trying to fob you off; I just think we all need > some more information about what's on the box! > > - Peter >
