Keytool, CSR and certificate replies
May 31, 2005

Just renewed our code signing certificate. Having a heap of trouble importing it back into the keystore. First try:

keytool -import -trustcacerts -file thawte.pem -keystore thawte.keystore -alias radinks

That gives:

keytool error: java.lang.Exception: Public keys in reply and keystore don't match

Then try deleting the old key (this is a renewal). That works. Now import the certificate again. That too works. Time to sign a jarfile. That does not work.

jarsigner: Certificate chain not found for: radinks. radinks must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.

is the error. Now try Google, still no luck. Now try again, hopefully the tooth fairy might have fixed whatever was wrong with it while I was googling. The tooth fairy does not exist. Now try the pkcs certificate:

keytool error: java.lang.Exception: Certificate reply does not contain public key for <radinks>

Thawte support site says that's because I have the wrong keystore. I will be damned if that is true. This is the only keystore I have been using for the past two years. Now try again after deleting the old cert.

keytool error: java.lang.Exception: Input not an X.509 certificate

I think by now, I have seen every single error message that keytool can produce. Try downloading the certificates again. Maybe I have some extra white space at the start and end. Try import again, hey it works! Now try signing the jarfile. Hey, that works too!! Now try examining the certificate in the signed jar file. Uh oh, it still has the old cert. Right, the obvious thing to do is to delete the old key. The import works, so let's now try jarsigner.

jarsigner: Certificate chain not found for: radinks. radinks must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.

Back to square one.

Follow Up (June 02): Solved



