Failed to establish chain from reply when importing an SSL certificate to Clearwell's keystore
|Article:TECH215986|||||Created: 2014-03-21|||||Updated: 2015-03-02|||||Article URL http://www.symantec.com/docs/TECH215986|
When importing an SSL certificate to Clearwell's keystore, an error is encountered.
keytool error: java.lang.Exception: Failed to establish chain from reply
Root and/or Intermediate certificates have not been imported properly or in the correct order.
If Root and/or Intermediate certificates have already been imported, remove them.
1. Run the following command:
DO NOT remove "clearwellkey" alias from keystore.
2. Import the Root certificate
3. Import the Intermediate certificate
4. Import the Site certificate
To determine the Root, Intermediate, and Site certificate
1. In the example above, "Verisign" is the Root certificate, "Verisign Class 3 International Server CA - G3" is the Intermediate certificate, and "mydomain.com" is the Site certificate.
2. If the Root and/or Intermediate certificates are not available, they can be exported from the Certification Path tab as seen in the image above.
3. Double-click the certificate and it will open a new window that looks just like the previous one.
4. Next go to the Details tab and click Copy to File.
5. Click Next on the window that opens.
6. Choose Base-64 encoded X.509 (.CER)
7. Click Next and choose a filename: example.cer
8. Click Finish and this file can now be used to import this certificate into Clearwell's keystore.
Article URL http://www.symantec.com/docs/TECH215986