zeepay
Regular Visitor

No certificate matches private key

Hello Guys,

 

I've been encountering this error for a while in completing the "Create Keystores" step for go live.

 

The private key & CSRs are generated (using openssl) and uploaded and the cert is issued.

The final step of generating a "PKCS" file out of the certs keeps failing with the error message "No certificate matches private key"

Does anybody have any suggestions as to how to work around this please.

 

Thanks.

 

 

1 REPLY 1
DianaTran
Visa Dev Moderator

Re: No certificate matches private key

Hey @zeepay,

 

Here is an example of how I generated a CSR File and submitted it to the Visa Developer Portal Visa Account Updater Project successfully. Please kindly use my example below as an example to help you generate the CSR and client key store (e.g. the JKS file / clientkeystore.jks ). Please follow step by step shown below but instead please enter in your own data (e.g. replace my data with your own). Please let us know if you have questions.

 

 

Microsoft Windows [Version 10.0.15063]

(c) 2017 Microsoft Corporation. All rights reserved.

 

C:\Users\dtran>cd C:\Users\dtran\Documents\Test Project\20190621 VAU test1

 

C:\Users\dtran\Documents\Test Project\20190621 VAU test1>keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore clientkeystore.jks -storepass Password123 -keypass Password123 -dname "CN=services.visa.com, OU=VDP, O=Visa Inc., L=Foster City, ST=California, C=US"

 

Warning:

The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore clientkeystore.jks -destkeystore clientkeystore.jks -deststoretype pkcs12".

 

C:\Users\dtran\Documents\Test Project\20190621 VAU test1>keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore clientkeystore.jks -storepass Password123 -keypass Password123 -dname "CN=services.visa.com, OU=VDP, O=Visa Inc., L=Foster City, ST=California, C=US"

keytool error: java.lang.Exception: Key pair not generated, alias <client> already exists

 

C:\Users\dtran\Documents\Test Project\20190621 VAU test1>keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore clientkeystore.jks -storepass Password123 -keypass Password123 -dname "CN=services.visa.com, OU=VDP, O=Visa Inc, L=Foster City, ST=California, C=US"

keytool error: java.lang.Exception: Key pair not generated, alias <client> already exists

 

C:\Users\dtran\Documents\Test Project\20190621 VAU test1>keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore keystore.jks -storepass Password123 -keypass Password123 -dname "CN=service.visa.com, OU=VDP, O=Visa Inc, L=Foster City, ST=California, C=US"

 

Warning:

The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12".

 

C:\Users\dtran\Documents\Test Project\20190621 VAU test1>keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -keystore clientkeystore.jks -storepass Password123 -keypass Password123 -dname "CN=service.visa.com, OU=VDP, O=Visa Inc, L=Foster City, ST=California, C=US"

keytool error: java.lang.Exception: Key pair not generated, alias <client> already exists

 

C:\Users\dtran\Documents\Test Project\20190621 VAU test1>keytool -certreq -alias client -keystore clientkeystore.jks -storepass Password123 -keypass Password123 -file certreq.csr

 

Warning:

The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore clientkeystore.jks -destkeystore clientkeystore.jks -deststoretype pkcs12".

 

C:\Users\dtran\Documents\Test Project\20190621 VAU test1>

 

 

 

 




Thanks,

Diana



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.