-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Fleur,
On 4/10/15 10:40 PM, Fleur Garage wrote: > I am trying to enable SSL on Apache Tomcat/7.0.32. Have generated > a local self-signed cert and CSR and have sent the .csr for > signing. I have received 4 certificates back from Comodo: > AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt, > COMODORSAOrganizationValidationSecureServerCA.crt and my > server/domain certificate. > > Import of Root CA and both Intermediate certificates to my keystore > was successful. I received the message "Certificate was added to > keystore" for each of them. > > But, when I tried to import the server/domain certificate, I am > getting the Failed to establish chain from reply. *keytool -import > -trustcacerts -alias tomcat -file <domain.crt> -keystore > mykeystore* > > Note that the alias (tomcat) I used here is the same alias I used > to generate the csr. Does anyone have an idea on how to resolve > this issue? You'll need to import the root and intermediate certificates from the CA first, which it sounds like you did. Just to confirm, you did something like this: $ keytool -import -alias [Authority.CA] -trustcacerts -file [authority's CA cert] -keystore ${HOSTNAME}.jks $ keytool -import -alias [Authority.intermediate] -trustcacerts -file [authority's intermediate cert] -keystore ${HOSTNAME}.jks (you may have to do this more than once if you have multiple intermediate certificates) $ keytool -import -alias ${HOSTNAME} -file ${HOSTNAME}.crt -keystore ${HOSTNAME}.jks - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVKpWlAAoJEBzwKT+lPKRY7nYP/2n6RGUUNcS6TndwIVqxmYBw PRJoc30j4+radbnCjHRS1xzbFl3NZZE4JchLjllArTC37oPE91WvtQQzk7WiDE4U MXweBmHFI9fbQ4Vhk88d1PVkctwu67dxSwUAZWepb5aF1BY97yWRAUP5kvqWlMez fWweRXE9So90BIIw9MCktn0v/y2LN1B1j0Vx3SrfnCFbZjDobmULIfeDeD03yjgt kfVxq3HJkVUmREoTikmQNgV/5TbEpUooj4nqopq30ALdRjikJxLsWcAkfwTt1Weh cBQ0rnWZY4UopdLV/iXM6MrMvMkr59siY0LDibYkzqLYXIZlsyg36zrauXFosLmW Ppl4iTxi9eUWl5HQaV5hhbySSHGQQPeXtJGrdgSuNy4mFShQWrWlBpEVrhVocJYn IIdX4B3b6oTRFhfJaEbc+CZ1manrp1jv3MPxdtfDy2e548DKTH6wrKgf2S22QCxj fLTYmd2mu4F2zqA3UOkC/epoJdpFhuIMZzKhopnUGPtyUoFJB5x6aEZhddRxjPQ+ PIbjc5ttH9R9z663/bxoaqse8YbZTX9bJqerxtQ+RV/WDO5roVz3XRuZNB9ln983 MRtp8DknIr5TWwhm0DUbB1gYC9TcNRcAi5p1JDNRw3JVGzcr6IHgL2DhQX1Lw3+H zxEpdJ6DJElRONcuK42/ =1/Pn -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org