Importing SSL Certificate shows Certificate reply does not contain public key for tomcatssl

Article ID: 205814

Products

CA Spectrum, CA eHealth

Issue/Introduction

We are having difficulty importing the Certificate required to set up SSL in OneClick. We have tried a few formats and it is failing. When we issue this import command:

./keytool -import -alias tomcatssl -keystore $SPECROOT/custom/keystore/cacerts -trustcacerts -file certificate.p7b

We receive the following error:

Certificate reply does not contain public key for tomcatssl

We reviewed the cacerts keystore to verify there is a valid entry for alias tomcatssl:

./keytool -list -v -keystore $SPECROOT/custom/keystore/cacerts > cacerts_keystore.OUT

Cause

The order of the certificates in the certificate file was incorrect.

Environment

Release : 20.2

Component : Spectrum Core / SpectroSERVER

Resolution

We needed to have the Certificate Authority (CA) regenerate the p7b certificate file, specifying root first, then intermediate, then entity. They had initially generated it as entity, intermediate, and root, which does not work.
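
To confirm the order of the certificates in a p7b file before running the keytool import, the subject and issuer lines printed by openssl can be classified as root-first or entity-first. The following is an added example, not part of the original article or the product; the function names and the certificate names in the sample data are hypothetical.

```shell
#!/bin/sh
# Added example: report the certificate order inside a PKCS#7 (.p7b) bundle.
#   openssl pkcs7 -print_certs -noout -in certificate.p7b | p7b_order
# (add "-inform DER" when the .p7b is binary rather than PEM)

p7b_order() {
    awk '
        /^subject=/ { sub(/^subject= */, ""); subj[++n] = $0 }
        /^issuer=/  { sub(/^issuer= */, "");  iss[n] = $0 }
        END {
            if (n == 0) { print "empty"; exit }
            if (n == 1) { print "single"; exit }
            down = 1; up = 1
            for (i = 1; i < n; i++) {
                if (iss[i + 1] != subj[i]) down = 0   # cert i did not issue cert i+1
                if (iss[i] != subj[i + 1]) up = 0     # cert i+1 did not issue cert i
            }
            # root-first: self-signed cert first, each later cert issued by the one before
            if (down && subj[1] == iss[1]) print "root-first"
            # entity-first: the reverse, with the self-signed cert last
            else if (up && subj[n] == iss[n]) print "entity-first"
            else print "unordered"
        }'
}

# Constructed sample output (hypothetical names): entity, intermediate, root.
sample_entity_first() {
    cat <<'EOF'
subject=CN = oneclick.example.test
issuer=CN = Example Intermediate CA
subject=CN = Example Intermediate CA
issuer=CN = Example Root CA
subject=CN = Example Root CA
issuer=CN = Example Root CA
EOF
}

# Constructed sample output (hypothetical names): root, intermediate, entity.
sample_root_first() {
    cat <<'EOF'
subject=CN = Example Root CA
issuer=CN = Example Root CA
subject=CN = Example Intermediate CA
issuer=CN = Example Root CA
subject=CN = oneclick.example.test
issuer=CN = Example Intermediate CA
EOF
}
```

A result of "entity-first" matches the file that failed here; "root-first" matches the order the CA was asked to regenerate. "unordered" also covers bundles where a certificate in the chain is missing.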