Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

keytool error: java.lang.Exception: Failed to establish chain from reply

Tags:

ssl-certificate

tomcat

keytool

Generate keystore:

keytool -genkey -alias tomcat -keyalg RSA -keystore my.keystore -keysize 2048

Generate certificate signing request (CSR):

keytool -certreq -alias tomcat -keyalg RSA -file my.csr -keystore my.keystore

I then go off to my hosting provider and get some certificates. These i installed as follows:

keytool -import -alias root -keystore my.keystore -trustcacerts -file gd_bundle-g2-g1.crt keytool -import -alias intermed -keystore my.keystore -trustcacerts -file gdig2.crt keytool -import -alias tomcat -keystore my.keystore -trustcacerts -file my.crt

When I installed the final certificate (my.crt) I got the following error:

keytool error: java.lang.Exception: Failed to establish chain from reply

I believe i have imported the chain and in the correct order so I'm very confused by this message. Can anyone see what I'm doing wrong?

like image 207
Edd Avatar asked May 12 '14 14:05

Edd

People also ask

What is Trustcacerts?

The certificates in cacerts are a kind of default trust list, the officially trusted root certificates (similar to the lists your browser trusts by default). The option is not really necessary since you can always force the import for a certificate.

How do I remove a keystore certificate?

Check the contents of the trust store by entering the following in the command prompt: <JAVA_HOME>\bin\keytool -list -v -keystore truststore -storepass access . Note the alias names of the certificates you want to remove. Enter <JAVA_HOME>\bin\keytool -delete -alias <alias name> -keystore truststore.

What is alias in Keytool command?

KeyStore AliasesAn alias is specified when you add an entity to the keystore using the -genseckey command to generate a secret key, -genkeypair command to generate a key pair (public and private key) or the -importcert command to add a certificate or certificate chain to the list of trusted certificates.

1 Answers

I've just discovered that the files godaddy supplied with my certificate are both intermediate certificates (in fact they seem to both be the same intermediate certificate).

I got the correct root and intermediate certificates by double clicking on my certificate and looking at the certificate path... from here I could also download each of these certificates and use the steps used in the question to import them

enter image description here

like image 87
Edd Avatar answered Sep 27 '22 20:09

Edd
Sign in to Comment

Related questions

Changing Tomcat context path of web project in Eclipse
Where does Eclipse deploy web applications using WTP?
Spring Boot actuator with multiple web applications in a tomcat container throws javax.management.InstanceAlreadyExistsException exception
Sticky Sessions and Session Replication
Getting the actual jsp line number from a stack trace line number?
How can I monitor/log Tomcat's thread pool?
Is anyone using SpringSource tc server as a Tomcat replacement?
TOMCAT SSL Error: Alias name does not identify a key entry
Servlet filters' order of execution
How to set maximum number of rolls and maximum log size for tomcat?
Free Java servlet hosting? [closed]
java.lang.NoClassDefFoundError: org/apache/juli/logging/LogFactory [duplicate]
How to manually deploy a web service on Tomcat 6?
Tomcat not autodeploying war file
Does Tomcat 8 support Java 8?
Tomcat 7 GZIP compression not working
Best Practices - Sending javamail mime multipart emails - and gmail
difference between a valve and a filter
Cannot edit tomcat-users.xml
Where should I keep the credentials of my database?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!