Failed to establish chain from reply when importing an SSL certificate to Clearwell's keystore

Article:TECH215986  |  Created: 2014-03-21  |  Updated: 2015-03-02  |  Article URL http://www.symantec.com/docs/TECH215986
Article Type
Technical Solution

Product(s)

Issue



When importing an SSL certificate to Clearwell's keystore, an error is encountered.


Error



keytool error: java.lang.Exception: Failed to establish chain from reply


Cause



 Root and/or Intermediate certificates have not been imported properly or in the correct order.


Solution



If Root and/or Intermediate certificates have already been imported, remove them.

1. Run the following command:

keytool -delete -alias mydomain -keystore new-server.keystore

DO NOT remove "clearwellkey" alias from keystore.

2. Import the Root certificate

3. Import the Intermediate certificate

4. Import the Site certificate

To determine the Root, Intermediate, and Site certificate

Example Certification Path

1. In the example above, "Verisign" is the Root certificate, "Verisign Class 3 International Server CA - G3" is the Intermediate certificate, and "mydomain.com" is the Site certificate.

2. If the Root and/or Intermediate certificates are not available, they can be exported from the Certification Path tab as seen in the image above.

3. Double-click the certificate and it will open a new window that looks just like the previous one.

4. Next go to the Details tab and click Copy to File.

Example Copy To File

5. Click Next on the window that opens.

6. Choose Base-64 encoded X.509 (.CER)

7. Click Next and choose a filename: example.cer

8. Click Finish and this file can now be used to import this certificate into Clearwell's keystore.

 




Article URL http://www.symantec.com/docs/TECH215986


Terms of use for this information are found in Legal Notices