keytool error: java.lang.Exception: Certificate reply and certificate in keystore are identical

3
votes

i want to sign my jar file with certificate. i have followed below steps. C:\Program Files\Java\jdk-10.0.2\bin>keytool -genkey -alias testals -keystore testks

C:\Program Files\Java\jdk-10.0.2\bin>keytool -export -keystore testks -alias testals -file testcer.cer

Certificate stored in file

C:\Program Files\Java\jdk-10.0.2\bin>keytool -import -alias testals -file testcer.cer -keystore testks

but while importing getting exception as Certificate reply and certificate in keystore are identical.

please help me how can do this?

2
javasslkeytool
The certificate is already stored in the keystore - why do you want to import it again? (export: copy certificate to file; import: read a certificate from file into the keystore)user85421
@sai did you solve this? I have the same error although it seems you mistyped your sentence.AyukNayr

2 Answers

6
votes

While importing use different alias name, don't use the alias name which used for exporting. It will work.

It's because you are importing the self signed certificate for root, not for the server certificate.

0
votes

The below are identicals observed from your commands and hence the error.

Keystore Name: testks Alias: testals File: testcer.cer

If you need your jar signed, do follow the below steps.

  1. Generate a certificate signing request from your keystore. A sample command for the same looks like the one below.

keytool -certreq -file testks.csr -keystore testks -alias testals -ext SAN=dns:testals

  1. Provide the CSR generated with your IT network security team and request them for the signed certificates

  2. Import the certificate reply like you did earlier, but with the signed certificates and you must no longer see this error.

Let us know if this worked.