Error Importing SSL Certificate into PeopleSoft



You may get below errors when Trying to import new certificate against existing key alias (i.e. myalias) with pskeymanager.cmd/sh


"pskeymanager -import": Error "keytool error: java.lang.Exception: Public keys in reply and keystore don't match

Import failed. Verify that the Certificate Authority that signed 'www.mybasicknowledge.blogspot.com'
has been loaded into your keystore 'keystore\pskey'

keytool error: java.lang.Exception: Certificate reply does not contain public key for

Import failed. Verify that the Certificate Authority that signed Concat.cer
has been loaded into your keystore /peopletools/webserv/peoplesoft/keystore/pskey



The error indicates that the server certificate (public key), does not match the key entry (private key) in the keystore with the specified alias (i.e. myalias).

Its mismatch between the issued certificate and the certificate request file resulted in the error message




The certificate file was not generated by the CSR file, it was generated by a different CSR file. Simply create a new certificate and signed by server certificate again Or used last generated CSR request to get server certificate (public key) again



How to create CSR request
pskeymanager.cmd/sh –create

How to import CSR response
pskeymanager.cmd/sh -import

How to see List
pskeymanager.cmd/sh -list


Note: pskeymanager.cmd/sh located under  <%PS_HOME%>/webserv/<Domain>/piabin

and pskey located under  <%PS_HOME%>/webserv/<Domain>/piaconfig/keystore

Recommendation:
It always have a good practice to save pskey file before starting work, so you can restore if error occur.