Problem with installing certificate on tomcat server

Hi everyone,

I have a problem installing Let’s Encrypt on my Tomcat server on CentOS 7.

I ran the following commands to install the necessary programs:

sudo yum -y install epel-release
sudo yum -y install certbot

After that I stopped Tomcat and forwarded the SSL port using these commands:

sudo systemctl stop tomcat
sudo firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443 --permanent
systemctl restart firewalld

Then I generated the certificate:

sudo keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/.keystore -keysize 2048
sudo keytool -certreq -alias tomcat -file request.csr -keystore /opt/tomcat/.keystore
sudo certbot certonly --csr request.csr

When I want to add the file to the keystore, it goes wrong:

sudo keytool -import -trustcacerts -alias tomcat -file 0000_chain.pem -keystore /opt/tomcat/.keystore

I need to enter my keystore password, but it always gives me the following error:

keytool error: java.lang.Exception: Public keys in reply and keystore don't match

Hope somebody can help me, I’m really a noob with ssl certificates.

Have you previously used the alias “tomcat”?
If so, try a new alias - tomcat2

Hi,

Thanx for the fast reply!

I tried it with another alias, but I still got the same error.

Thanx!

I think you may need to add the root ca first before adding the 0000_chain.pem

Hi,

Can you tell me how I do that?

Sorry I never worked with Let’s encrypt before and I have really no clue.

Thanx!

Try:
sudo keytool -import -trustcacerts -alias tomcat -file 0000_fullchain.pem -keystore /opt/tomcat/.keystore

There are some previous forum posts that might help, like

I have no file called 0000_fullchain.pem

What other files are near 0000_chain.pem?

I believe -trustcacerts is for intermediates, not the cert itself:

-import -trustcacerts

You should use -importcert.

Let me know the output of

sudo keytool -importcert -alias tomcat -file 0000_chain.pem -keystore /opt/tomcat/.keystore

Andrei

Thanx for the answer, when I run this I get

keytool error: java.lang.Exception: Public keys in reply and keystore don't match

I also have the following files:

0000_cert.pem
0000_chain.pem
0001_chain.pem
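The failure in this thread, reproduced and diagnosed with OpenSSL alone, as an added example that is not part of the thread and not code from certbot or keytool. keytool treats an import under an alias that already holds a private key as a certificate reply, and rejects it when the certificate's public key is not the key stored under that alias. Of the files listed above, only the one holding the server certificate itself (0000_cert.pem, or a fullchain that starts with it) carries that key; 0000_chain.pem holds the issuer's intermediate, which has a different key pair, so importing it under the server alias gives exactly "Public keys in reply and keystore don't match" (and so does any fresh alias such as tomcat2, which holds no key at all). The script builds stand-ins for request.csr, 0000_cert.pem and 0000_chain.pem locally (all constructed and self-signed, no CA is contacted) and defines pubkey_matches, a hypothetical helper that compares SubjectPublicKeyInfo fingerprints so you can tell which file is importable before touching the keystore. It assumes openssl is on PATH; keytool is not needed for the check because the keystore key is the one the CSR was generated from.

```sh
#!/bin/sh
# Added example (not from the thread): reproduce the keytool failure
# "Public keys in reply and keystore don't match" with OpenSSL alone and
# show the check to run before importing anything under the server alias.
# Assumes: openssl on PATH. keytool is not needed, because the keystore key
# is the one the CSR was generated from, so comparing against the CSR is
# the same as comparing against the keystore entry. All files below are
# constructed stand-ins (self-signed, no CA contacted).
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# SHA-256 over the DER SubjectPublicKeyInfo held in a PEM file. Accepts a
# CSR (output of keytool -certreq), an X.509 certificate, or a private key.
# For a certificate bundle only the FIRST certificate is read, which is why
# order matters: a fullchain must start with the server certificate.
pubkey_fp() {
    if grep -q 'BEGIN CERTIFICATE REQUEST' "$1"; then
        openssl req -in "$1" -noout -pubkey
    elif grep -q 'BEGIN CERTIFICATE' "$1"; then
        openssl x509 -in "$1" -noout -pubkey
    else
        openssl pkey -in "$1" -pubout
    fi | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit status 0 when both files carry the same public key, i.e. keytool
# would accept the second as a certificate reply for the key behind the first.
pubkey_matches() {
    [ "$(pubkey_fp "$1")" = "$(pubkey_fp "$2")" ]
}

# --- constructed sample material -------------------------------------
# Server key pair plus CSR (stand-in for keytool -genkey / -certreq).
openssl req -new -newkey rsa:2048 -nodes -subj '/CN=tomcat.example.test' \
    -keyout tomcat.key -out request.csr 2>/dev/null
# Stand-in for 0000_cert.pem: a certificate issued for THAT CSR.
openssl x509 -req -in request.csr -signkey tomcat.key -days 1 \
    -out 0000_cert.pem 2>/dev/null
# Stand-in for 0000_chain.pem: the issuer's intermediate, a different key pair.
openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
    -subj '/CN=Stand-in Intermediate' -keyout ca.key -out 0000_chain.pem 2>/dev/null
# What keytool can take for the server alias: server cert first, then the
# intermediates. The chain file on its own belongs under a separate alias
# with -trustcacerts, never under the server alias.
cat 0000_cert.pem 0000_chain.pem > fullchain.pem

# Report which candidate file is a valid certificate reply for the CSR.
check_candidates() {
    for f in 0000_cert.pem 0000_chain.pem fullchain.pem; do
        if pubkey_matches request.csr "$f"; then
            echo "$f: public key matches the keystore key -> importable under the alias"
        else
            echo "$f: public key differs -> keytool: Public keys in reply and keystore don't match"
        fi
    done
}
check_candidates
# The import this check clears (command from the thread, not run here):
# keytool -importcert -alias tomcat -file fullchain.pem -keystore /opt/tomcat/.keystore
```

Run it as-is; the three report lines show 0000_cert.pem and fullchain.pem matching and 0000_chain.pem rejected. On a real host, point pubkey_matches at the CSR that was actually sent to certbot and at the files certbot wrote; if none of them matches, the key under the alias was regenerated after the CSR was made and the certificate has to be reissued from a CSR for the current key.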
