Chris, Unfortunately, even without the "trustcacerts" argument, it is still giving the same error. keytool error: java.lang.Exception: Failed to establish chain from reply
Thank you. On Sun, Apr 12, 2015 at 7:17 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Fleur, > > On 4/12/15 3:42 PM, Fleur Garage wrote: > > Chris, > > > > Yes, i have imported the root and intermediate certificates > > successfully (using the commands below) but import of the last > > certficate (domain cert) is failing with the chain error. > > > > A. Local self-signed cert generation keytool -genkey -alias tomcat > > -keyalg RSA -keysize 2048 -keystore <hostname>.keystore > > > > B. CSR generation keytool -certreq -keyalg RSA -alias tomcat -file > > <hostname>.csr -keystore <hostname>.keystore > > > > C. Sent CSR for signing and received 4 certificates from Comodo > > AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt > > COMODORSAOrganizationValidationSecureServerCA.crt <hostname>.crt > > > > D. Import Root certificate keytool -import -trustcacerts -alias > > AddTrustExternalCARoot -file AddTrustExternalCARoot.crt -keystore > > <hostname>.keystore > > > > E. Import Intermediate1 certificate keytool -import -trustcacerts > > -alias COMODORSAAddTrustCA -file COMODORSAAddTrustCA.crt -keystore > > <hostname>.keystore > > > > F. Import Intermediate2 certificate keytool -import -trustcacerts > > -alias COMODORSAOrganizationValidationSecureServerCA -file > > COMODORSAOrganizationValidationSecureServerCA.crt -keystore > > <hostname>.keystore > > > > All 3 certificates were successfully imported. > > > > G. Import of domain/server certificate failed keytool -import > > -trustcacerts -alias tomcat -file <hostname>.crt -keystore > > <hostname>.keystore > > > > keytool error: java.lang.Exception: Failed to establish chain from > > reply > > Try removing the "trustcacerts" argument: > > $ keytool -import -alias tomcat -file <hostname>.crt -keystore > <hostname>.keystore > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBCAAGBQJVKycqAAoJEBzwKT+lPKRYilkP/0/gtAqiYLd3AVR+taq03rk3 > hho/IHXdyzMhrqvKgttiCRvb53tB+HNkkk0le7R8xDVu9YNvpNFOKZ+qlar5fJQ1 > togbQ1I8n0jekzrORE0Xlni6Kg2ssEjmYOtMBaBRh37Um2S8bX52qR85QiDA+B3K > PY6RXnOUn2ZuMaU8CZZqpiQEoSXbaYavKGlJY1Iy/mVU6rS12JL8N51Zkc9jLX1X > wnhrwbAbn4E9s57d04sC/JJKrd/+aojCtV5LfNPJseRrGPH9pKKrXYWiJmo/beBq > I2Qp5lR4vv/BrssMZ3NdnMIwEI+T/D1yU6L37VdHZvVS8nkBadIcZCktnypeqmji > 8RClOGyCx/n+nOdq5LU+UghgM4jiRYiXZhUhO93QScPVxMTJbLAtxKe/uCKs4TLi > 8xXkjHpyjxoJnCxqp6h/8XgQYbaw+JMoYCn2jI0im0RFOOKOxOrqbIu49+rBKOxs > qI/xlI+A3ySCO536xqZpB4RnA2THwVzo4JiNXI7pXpqClX2pHYA2dnCIloj/lJcS > nK59RWzG3tL4QgdbXPPm44RUBFtMovNWxDH23fFQEApBtfB/+G9gt9+hdHDrw2Gj > JgKKv7cdjJ3VuP40wyyu4odSL9/yf9Zf/q00Nu36dZ9YoX/iUPv/BzWR1T1XPLhj > 9KBrQ57QoXIrHij5JPqX > =4SP4 > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
