keytool error: Public keys in reply and keystore don't match

Lucas Gonze (lucas@gonze.com)
Wed, 25 Aug 1999 20:58:28 -0400

Date: Wed, 25 Aug 1999 20:58:28 -0400
From: Lucas Gonze <lucas@gonze.com>
To: java-security@java.sun.com
Subject: keytool error: Public keys in reply and keystore don't match

I am certain that my keystore hasn't changed since I sent off the request for a
certificate and got the response. Any ideas on how to this approach this problem?

This is the command I'm using:
keytool -v -debug -import -alias webbank -trustcacerts -file
c:/medianow/cert_response_RSA.p7c

keytool error: Public keys in reply and keystore don't match
java.lang.Exception: Public keys in reply and keystore don't match
at sun.security.tools.KeyTool.establishCertChain(Compiled Code)
at sun.security.tools.KeyTool.installReply(KeyTool.java:1069)
at sun.security.tools.KeyTool.doCommands(Compiled Code)
at sun.security.tools.KeyTool.run(KeyTool.java:116)
at sun.security.tools.KeyTool.main(KeyTool.java:110)

One possible explanation is that when I first got back the response, I attempted to import
the CA cert under the same alias as the certificate request. This was, obviously, a user
error. Is it possible that this corrupted the public key for this alias?

- Lucas Gonze