"Keytool error: java.lang.Exception: Failed to establish chain from reply" When importing an SSL certificate to Clearwell's keystore
|Article:TECH215986|||||Created: 2014-03-21|||||Updated: 2014-03-31|||||Article URL http://www.symantec.com/docs/TECH215986|
When importing an SSL certificate to Clearwell's keystore, an error is encountered.
keytool error: java.lang.Exception: Failed to establish chain from reply
Clearwell 7.1.1 - 7.1.5
Root and/or Intermediate certificates have not been imported properly or in the correct order.
- If Root and/or Intermediate certificates have already been imported, remove them.
- "keytool -delete -alias mydomain -keystore new-server.keystore"
- DO NOT remove "clearwellkey" alias from keystore.
- Import the Root certificate.
- Import the Intermediate certificate
- Import the Site certificate
- If whether the certificate is Root or Intermediate is unknown, this information can be obtained by viewing the Site certificate but double-clicking the file:
- In the example above, "Verisign" is the Root certificate, "Verisign Class 3 International Server CA - G3" is the Intermediate certificate, and "mydomain.com" is the Site certificate.
- If the Root and/or Intermediate certificates are not available, they can be exported from the Certification Path tab as seen in the image above.
- Double-click the certificate and it will open a new window that looks just like the previous one.
- Next go to the Details tab and click "Copy to File"
- Click "Next" on the window that opens
- Choose "Base-64 encoded X.509 (.CER)
- Click "Next" and choose a filename: "example.cer"
- Click "Finish" and this file can now be used to import this certificate into Clearwell's keystore.
Article URL http://www.symantec.com/docs/TECH215986