Hi all,
I am deploying a new vCD environment. Our HTTP and CONSOLEPROXY need to use the same wildcard SSL certificate. This is an existing GeoCerts certificate, so I cannot request it using a CSR. I've found the documentation very lacking on this front. So far I've been able to:
1. Create the keystore: ./keytool -genkey -alias http -keyalg RSA -keysize 2048 -keystore /opt/keystore/domain_com.jks. I filled in all the DN information and a keystore password.
2. Import the root cert: ./keytool -storetype JCEKS -storepass ******** -keystore /opt/keystore/domain_com.jks -import -alias root -file /opt/keystore/Geotrust_root.cer
3. Import the intermediate cert: ./keytool -storetype JCEKS -storepass ******** -keystore /opt/keystore/domain_com.jks -import -alias intermediate -file /opt/keystore/GeoTrust_intermediate_Primary.cer
I get stuck at importing the HTTP certificate:
Import the HTTP cert: ./keytool -storetype JCEKS -storepass ******** -keystore /opt/keystore/domain_com.jks -import -alias http -file /opt/keystore/wildcard_domain_com.cer
I receive the error "keytool error: java.lang.Exception: Public keys in reply and keystore don't match"
I can import the same certificate to the CONSOLEPROXY alias fine.
Looking at the certificates afterwards, they are all there and show the thumbprints.
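
An added example, not part of the original post: `keytool -genkey` creates a new key pair under the alias, and a later `-import` into that same alias is treated as a certificate reply for that key, so keytool compares the two public keys and reports the error quoted above when they differ. The script below runs the same comparison with OpenSSL; the file names, the `*.example.test` subject and both keys are constructed sample data, and PEM input is assumed.

```shell
#!/bin/sh
# Added example: compare the public key in a certificate with the public half
# of a private key, the check behind keytool's
# "Public keys in reply and keystore don't match".

# SHA-256 of the DER-encoded public key inside a PEM certificate.
cert_pubkey_fp() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null \
        | openssl pkey -pubin -pubout -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the DER-encoded public half of a PEM private key.
key_pubkey_fp() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only if both files parse and carry the same public key.
cert_matches_key() {
    c=$(cert_pubkey_fp "$1")
    k=$(key_pubkey_fp "$2")
    # Hash of empty input means a file was unreadable: treat it as a mismatch.
    empty=$(printf '' | openssl dgst -sha256 | awk '{print $NF}')
    [ "$c" != "$empty" ] && [ "$k" != "$empty" ] && [ "$c" = "$k" ]
}

# Constructed sample data: a certificate with the key it was issued for,
# plus an unrelated fresh key standing in for what -genkey would create.
make_samples() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=*.example.test" \
        -keyout "$dir/issued.key" -out "$dir/wildcard.pem" 2>/dev/null
    openssl genrsa -out "$dir/fresh.key" 2048 2>/dev/null
}

demo=$(mktemp -d)
make_samples "$demo"
if cert_matches_key "$demo/wildcard.pem" "$demo/issued.key"; then
    echo "issued key: public keys match"
fi
if ! cert_matches_key "$demo/wildcard.pem" "$demo/fresh.key"; then
    echo "fresh key: public keys differ (keytool rejects this import)"
fi
rm -rf "$demo"
```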