You may get below errors when Trying to import
new certificate against existing key alias (i.e. myalias) with pskeymanager.cmd/sh
"pskeymanager -import": Error "keytool
error: java.lang.Exception: Public keys in reply and keystore don't match
Import failed. Verify that the Certificate Authority that signed 'www.mybasicknowledge.blogspot.com'
has been loaded into your keystore 'keystore\pskey'
Import failed. Verify that the Certificate Authority that signed 'www.mybasicknowledge.blogspot.com'
has been loaded into your keystore 'keystore\pskey'
keytool
error: java.lang.Exception: Certificate reply does not contain public key for
Import failed. Verify that the Certificate Authority that signed Concat.cer
has been loaded into your keystore /peopletools/webserv/peoplesoft/keystore/pskey
Import failed. Verify that the Certificate Authority that signed Concat.cer
has been loaded into your keystore /peopletools/webserv/peoplesoft/keystore/pskey
The error
indicates that the server certificate (public key), does not match the key
entry (private key) in the keystore with the specified alias (i.e. myalias).
Its mismatch between
the issued certificate and the certificate request file resulted in the error message
The certificate file was not generated by the CSR file, it was generated by a different CSR file. Simply create a new certificate and signed by server certificate again Or used last generated CSR request to get server certificate (public key) again
pskeymanager.cmd/sh –create
How to import CSR response
pskeymanager.cmd/sh -import
How to see List
pskeymanager.cmd/sh -list
and pskey located under
<%PS_HOME%>/webserv/<Domain>/piaconfig/keystore
Recommendation:
It always have a good practice to save pskey file before starting work, so you can restore if error occur.