I did post a reply to a similar question sometime back. Anyway here its is again
The reason you see the error is because the the Java key store does not contain the CA root certificate. Simply put the keystore does not recognize the certifying authority. To see the availble CA root in you java keystore use the following command keytool -list -keystore $JAVA_HOME/lib/security/cacerts JAVA_HOME on mac os x is /System/Library/Frameworks/JavaVM.framework/Versions/1.3.1/Home The certifying authority is recognized by installing CA's root certificate in the keystore. Now Java ships a whole lot of CA root certificate including verisign but Verisign Test certificate is different. Solution : Install the Test CA root certificate from verisign How To ? keytool -import -alias tomcat -trustcacerts -keystore $JAVA_HOME/lib/security/cacerts -file getcacert.cer (this is ca root file) You can download the file getcacert.cer from http://www.verisign.com/server/trial/faq/ After this install your trial certificate signed from verisign. Hope this helps ~joe --- Bill <[EMAIL PROTECTED]> wrote: > Hello! > > I'm having some problems installing a temporary > Verisign cert using the > SSL-Howto in the Tomcat docs. I'm getting a: > > keytool error: java.lang.Exception: Failed to > establish chain from reply > > I found one post in the archives that had no reply. > I also found some > posts to non-jakarta lists. The other lists had > only one suggestion > which was to import the cert into IE and re-export > it in another > format. I dont use MS anything so this was a pain, > but I managed to do > it. I exported in all available formats and tried > to use each format. > All attempts produced the same error. > > Does anyone have an idea of what the problem may be? > > All comments and suggestions are welcome... > > thanks > > -b > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > ________________________________________________________________________ Missed your favourite TV serial last night? Try the new, Yahoo! TV. visit http://in.tv.yahoo.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
