0

Following this link , based on the accepted answer, the reason behind it is because the SSL certificate was generated for a completely different key pair.

But I don't think I generated it with a different key pair.

this is how I did it.

generate keystore:

keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore pbsks.keystore

generate CSR:

keytool -certreq -keyalg RSA -alias tomcat -file csr.csr -keystore pbsks.keystore

use the generated csr to request certificate, then I received the file.

import the root ca, intermed and issued cert.

keytool -import -alias root -keystore pbsks.keystore -trustcacerts -file root.crt

keytool -import -alias intermed -keystore pbsks.keystore -trustcacerts -file intermed.crt

keytool -import -alias tomcat -keystore pbsks.keystore -trustcacerts -file issuedcert.crt.pem

Why is this happening?

AyukNayr
  • 386
  • 2
  • 21

1 Answers1

0

You are generating the key and the csr file from pbsks.keystore, but you are importing the generated certs to tomcat.keystore.

Elvermg
  • 427
  • 6
  • 12
  • Actually, it should be like that really. – AyukNayr Aug 30 '18 at 05:01
  • Found the problem, I really thought pem file is the issued cert but I was wrong. Pem file is the intermediate certificate. – AyukNayr Aug 30 '18 at 05:02
  • Yeah, But I ran into another problem lol. It says connection is not secured but I already installed all certs and it was okay. I was thinking maybe because my domain name and Common name in my CSR did not match? – AyukNayr Aug 31 '18 at 02:19
  • This post can help you with that: https://security.stackexchange.com/questions/175786/is-it-required-to-have-the-same-domain-name-and-common-name-for-ssl-certificate – Elvermg Aug 31 '18 at 12:25