Error importing signed certificate into AutoSys Web Server keystore - keytool error: java.lang.Exception: Public keys in reply and keystore don't match
book
Article ID: 144719
calendar_today
Updated On:
Products
CA Workload Automation AE - Business Agents (AutoSys)CA Workload Automation AE - System Agent (AutoSys)CA Workload Automation AE - Scheduler (AutoSys)Workload Automation AgentCA Workload Automation AE
Issue/Introduction
While following the product documentation for customizing SSL for the AutoSys Web Server to use a certificate from a trusted Certificate Authority, an error was received when attempting to import the signed private certificate into the keystore:
keytool error: java.lang.Exception: Public keys in reply and keystore don't match
Cause
In AutoSys 11.3.6 SP8, the keystore for the Web Server was changed to a BCFKS storetype. The error occurs when the signed certificate will not import properly into that storetype.
Environment
AutoSys 11.3.6 SP8 UNIX Linux
Resolution
Logon to the AutoSys Web Server machine.
cd to $AUTOUSER/webserver/conf
Backup the existing .keystore file and then remove it.
Create a temporary JKS keystore containing your private key and self-signed certificate...
Request a certificate in PEM format from a certificate authority. Contact the certificate authority that you chose for specific instructions. Obtain the root certificate, any intermediate certificates, and the signed private certificate and place them in $AUTOUSER/webserver/conf on the Web Server machine.
cd back to $AUTOUSER/webserver/conf
Import the root certificate into the temporary keystore...