-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Adam,
On 6/26/18 1:32 PM, Cybulski, Adam M wrote: > Hi Chris, Thanks for the help, > >>> keytool -import -alias meg -keystore c:\Tomcat8\meg.keystore >>> -file "C:\Tomcat8\meg_library_albany_edu_cert.cer" >> That last step should have been to import using the same alias as >> the first step. That will update the self-signed >certificate >> with the CA-signed certificate. > > I deleted the keystore and the certs and started over so there > wouldn't be any garbage data in it, I followed all the same steps > as before, but when I get to this one I used the command: > > keytool -import -alias tomcat -keystore c:\Tomcat8\meg.keystore > -file "C:\Tomcat8\meg_library_albany_edu_cert.cer" > > It returned the error: keytool error: java.lang.Exception: Failed > to establish chain from reply Did you re-create your private key? I hope you kept a backup otherwise you might have to get your CA to re-sign the certificate from scratch. If they try to charge you again just say "my key has been compromised and I'd like a replacement". They should do it for free. >>> Any help you can give me in resolving this error is greatly >>> appreciated. > >> You should switch from JKS/JCEKS to PKCS12 keystores, since those >> Java-specific ones are being deprecated and >(not quickly enough) >> dropped from Java. > > Can you aim me at a guide to this? The steps I've been following > are just from whatever I've found online. Most of the articles seem > pretty dated. No particular guide (other than the one Mark posted in reply). To use PKCS12 files, just add "-storetype PKCS12" to every command you execute. Otherwise, the default is the JKS "Java KeyStore" keystore type . - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsygIUACgkQHPApP6U8 pFjTKg/+JnQsmqcgOCStpBbJSy3Uh4gYrFWCKWEu3EzJJ7cOxoFDY5SbCNV27D+8 3QgTwQF2wyJOF63fQqyRD8vJrUBavIeIDQyvXyQqOD3OPHR9SgESkTthUEbqjLjM D83DtogUEvE4IPyeuguticYmETGaIrHvvU27jyYJcNNSjTYHS/iJQQifD/vbyaBS TsTzDYtT2h4B+nd+oEPEBr2c0jeUwf1fCghp4fVGspFVccFze0LZpYrqoi4K/op1 xyoCnS5H9vDfSpC3DlJZVgEWWQ6vEgSSG8E66IdLxk591QkfK3DzuyRpqglyDVdE i7fexaVYlQ5lvEQzYOOFktrfteCJDOBZTCXRxvGqfspwG0sjbejR/cSfL4/cD2Xx 1EEotZ8LrfxhoUKpm9hxdRMRaUHlaUrAHLyupacx/MKqVZA5SIlD7pLpA7+iSzfF uI1eYWJWVjqLZEWVx2JWpKZNOPJ0R95hRRMLCOgG9n0JiFTAup4Mcrirt8GJgNyq HHP5mUo3yMfqhy73tu0kaXTfkFyeCSdNtZhrq1Rat4MtlGaXpuvm8K/HLFXYndAr nd0pBuVN0e5TesRk3/5pxiToYZcSoGeTW6sqMgnqj2tFCAvAWKtA4bVtb1lG7Wp2 mpYbkRLntVw05zN9ThLfNTJXVTx1f9LDT91/NSh61r4SbcN3v8A= =WIvh -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
