I have installed four certificates as my CA suggests, but when I list the certificates no private key is shown:

```
keytool -list -keystore ertstore02.keystore -storepass pass4certstore02

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 4 entries

root, Sep 4, 2015, trustedCertEntry,
Certificate fingerprint (SHA1):  XX:XX:X:XX
latiendamiga.com, Sep 4, 2015, trustedCertEntry,
Certificate fingerprint (SHA1):  XX:XX:X:XX
intermed, Sep 4, 2015, trustedCertEntry,
Certificate fingerprint (SHA1):  XX:XX:X:XX
root_01, Sep 4, 2015, trustedCertEntry,
Certificate fingerprint (SHA1):  XX:XX:X:XX
```

The installation was executed as follows:

```
keytool -import -trustcacerts -keystore certstore02.keystore -alias root -file gd-class2-root.crt -storepass pass4certstore02
keytool -import -trustcacerts -keystore certstore02.keystore -alias root_01 -file gdroot-g2_cross.crt -storepass pass4certstore02
keytool -import -trustcacerts -keystore certstore02.keystore -alias intermed -file gdig2.crt -storepass pass4certstore02
keytool -import -trustcacerts -keystore certstore02.keystore -alias latiendamiga.com -file certissues4me.crt -storepass pass4certstore02
```

Then it doesn't work and I don't know how to fix it.

Could somebody help me to fix it?

Thanks in advance.

Donal Fellows
fern
  • @dave_thompson_085; @EJP First of all, I appreciate your answer a lot. I have used the same alias and the same keystore file, as you can see: `keytool -keysize 2048 -genkey -alias latiendamiga.com -keyalg RSA -keystore certstore02.keystore`, `keytool -certreq -alias latiendamiga.com -file csr.txt -keystore certstore02.keystore`, `cat csr.txt`. The server was rebuilt and re-keyed, probably the error is there. Do you know if there is any way to check it? – fern Sep 05 '15 at 08:38
  • Define 're-key'. If the private key has changed (why?), any certificate relying on the old key is unusable. Please don't post computer input or output in comments. You can see for yourself that it's quite illegible. – user207421 Sep 05 '15 at 09:37

1 Answer

You have to import the signed certificate using the same alias you used when generating the keypair and the CSR. Otherwise they are not associated.

user207421
  • The same alias **and the same keystore file**. The OP's `-list` shows no privatekey in this file under any alias, so it must be the wrong file. – dave_thompson_085 Sep 05 '15 at 00:23
  • @dave_thompson_085 Quite so. – user207421 Sep 05 '15 at 01:39
  • During the re-key a little difference was found in the OU, then the generated cert file was different from the private key one. I have re-keyed and it works. Thanks for the help. – fern Sep 05 '15 at 16:16
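
The check the answer and its first comment describe, as an added example that is not part of the original posts: read the `keytool -list` output, confirm the alias is a `PrivateKeyEntry` in that keystore file, and only then import the CA reply. The helper names (`entry_type`, `has_private_key`, `import_reply`, `report`) and the second listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and the second listing are constructed.

# Print the entry type that `keytool -list` output (on stdin) shows for alias $1.
entry_type() {
    awk -F', ' -v a="$1" '$1 == a { t = $NF; sub(/, *$/, "", t); print t }'
}

# Succeed only if alias $1 is a PrivateKeyEntry in the listing on stdin.
has_private_key() {
    [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Import a CA reply only where the key pair lives.
# Usage: import_reply KEYSTORE STOREPASS ALIAS CERTFILE
# Without this guard keytool stores the reply as one more trustedCertEntry.
import_reply() {
    if ! keytool -list -keystore "$1" -storepass "$2" | has_private_key "$3"; then
        echo "no PrivateKeyEntry for '$3' in $1: wrong keystore file or alias" >&2
        return 1
    fi
    keytool -import -trustcacerts -keystore "$1" -storepass "$2" -alias "$3" -file "$4"
}

# Two entries from the listing in the question (no key pair in the file).
BROKEN_LIST='root, Sep 4, 2015, trustedCertEntry,
Certificate fingerprint (SHA1):  XX:XX:X:XX
latiendamiga.com, Sep 4, 2015, trustedCertEntry,
Certificate fingerprint (SHA1):  XX:XX:X:XX'

# Constructed listing: the same alias when the key pair is in the file.
FIXED_LIST='root, Sep 4, 2015, trustedCertEntry,
Certificate fingerprint (SHA1):  XX:XX:X:XX
latiendamiga.com, Sep 5, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1):  XX:XX:X:XX'

# Report what a listing ($2, labelled $1) says about the server alias.
report() {
    if printf '%s\n' "$2" | has_private_key latiendamiga.com; then
        echo "$1: key pair present, the reply can be imported under this alias"
    else
        echo "$1: certificate only, no private key under this alias"
    fi
}
report "listing from the question" "$BROKEN_LIST"
report "constructed listing" "$FIXED_LIST"
```

When the alias does hold the key pair but the reply was issued for a different key, `keytool` itself rejects the import with "Public keys in reply and keystore don't match".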