Error Message Failed To Establish Chain From Reply Openfire
Contents |
JavaScript and much of it will not work correctly without it enabled. Please turn JavaScript back on and reload this page. All Places > Support > failed to establish chain from reply tomcat Openfire Support > Discussions Please enter a title. You can openfire keystore password not post a blank message. Please type your message and try again. 8 Replies Latest reply
Certificate Chain In Reply Does Not Verify Signature Not Available
on Jan 14, 2012 5:40 AM by Pallav Import SSL Key and Certificate Coolcat May 2, 2007 2:14 PM Hi,I got an SSL Key and
Keytool Error: Java.lang.exception: Public Keys In Reply And Keystore Don't Match
Certificate from my CA. I have some problems to import them into Openfire 3.3.0.I got both files in PEM-Format. Because Openfire says there are in bad format, I use only this parts:---BEGIN RSA PRIVATE KEY---....blabla...---END RSA PRIVATE KEY------BEGIN CERTIFICATE---....blabla...---END CERTIFICATE---I tried the hidden page, mentioned here, to import the files.https://my-jabber-server.com:9091/import-certificate.jspBut I keytool trustcacerts get the following:There was an error one importing private key and signed certificate. Error message: Failed to establish chain from replyThe I tried to import the PEM-Cert form my CA with Java-Keytool:cd openfire/resources/securitykeytool -import -v -trustcacerts -file cert-from-ca.pem -keystore truststorebut this doesn''t help.My CA (my university) is not NOT a Top-Level-CA itself. The certificate chain ends at DFN Top Level CA, which is NOT trusted by any of "default" Top-Level-CAs. Maybe this is the problem...Any ideas?thanks in advance,CoolcatMessage was edited by: Coolcat 39091Views Tags: none (add) This content has been marked as final. Show 8 replies Re: Import SSL Key and Certificate martin.marcher Jul 12, 2007 12:00 AM (in response to Coolcat) I had exactly the same problem,here''s how to do it.get the root CA certificate from your CA (your university in that case)use keytool to import it into $OPENFIRE_HOME/resources/security/truststorethen take you''re rsa key and certificate to the import-certificate.jsp page and impo
This Site Careers Other all forums Forum: Security Failed to establish chain problem Rob Chung Ranch Hand Posts: 46 posted 13 years ago I created a keystore through the use of keytool. I then created a .csr request file through keytool. I then went to the Thawte
Keytool Commands
site and pasted in the data from the .csr file in order to get a temp. certificate from Thawte. I then cut the certificate data generated from Thawte and pasted into a notepad file .cer. I tried to import this .cer file into the keystore I created. I kept having this error: keytool error: java.lang.Exception: Failed to establish chain from reply I then obtained Thawte's own public certificate and saved theat in a .cer file, and imported it into IE6 https://community.igniterealtime.org/thread/26281 through tool>internet options>content>Certificates>other People and then export it in other format so that I can import the Thawte's own cert. as trusted certificate into my keystore. This import worked. But the initial import continued to have the failed to eastablich chain problem. Please can someone give me some ideas? Thanks in advance! Lewin Chan Ranch Hand Posts: 214 posted 13 years ago Hej, I remember having this problem, but I can't remember what I did to fix it https://coderanch.com/t/420253/Security/Failed-establish-chain Here's a couple of things you could try. a) Check jre/lib/security/cacerts... keytool -list -v -keystore cacerts contains thawte's cert. Putting into your local keystore shouldn't be necessary. b) If using jdk1.4, try installing the unlimited jurisdiction policy files. L I have no java certifications. This makes me a bad programmer. Ignore my post. Rob Chung Ranch Hand Posts: 46 posted 13 years ago Lewin, Thank you very much for your quick reply. I did checked that Thawte is one of the trusted entried in my cacerts file. But because I kept having the chain problem, I thought its worth a try to put that into my keystore (which didn't help to solve my problem anyway). I am using 1.4. Will look into the unlimited jurisdiction policy files now. Rob Chung Ranch Hand Posts: 46 posted 13 years ago I have tried the jurisdiction jar files. Still same error. Please do post more ideas if any come up. Thanks! Rob Chung Ranch Hand Posts: 46 posted 13 years ago Any more ideas please? Thanks in advance! Lewin Chan Ranch Hand Posts: 214 posted 13 years ago Is the file that you have in pasted into notepad in a format something along the lines of ---BEGIN CERTIFICATE---- asdfasdf;ljaksd;flkajsdf ----END CERTIFICATE----- I'm not sure that keytool understands PEM format (at least it didn't in 1.3), so you may have to convert it into a DER/CER form
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site http://stackoverflow.com/questions/23611688/keytool-error-java-lang-exception-failed-to-establish-chain-from-reply About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up keytool error: java.lang.Exception: Failed failed to to establish chain from reply up vote 17 down vote favorite 3 Generate keystore: keytool -genkey -alias tomcat -keyalg RSA -keystore my.keystore -keysize 2048 Generate certificate signing request (CSR): keytool -certreq -alias tomcat -keyalg RSA -file my.csr -keystore my.keystore I then go off to my hosting provider and get some certificates. These i installed as follows: keytool -import -alias root -keystore my.keystore -trustcacerts -file gd_bundle-g2-g1.crt failed to establish keytool -import -alias intermed -keystore my.keystore -trustcacerts -file gdig2.crt keytool -import -alias tomcat -keystore my.keystore -trustcacerts -file my.crt When I installed the final certificate (my.crt) I got the following error: keytool error: java.lang.Exception: Failed to establish chain from reply I believe i have imported the chain and in the correct order so I'm very confused by this message. Can anyone see what I'm doing wrong? tomcat ssl-certificate keytool share|improve this question edited Aug 18 at 17:21 Mike C 15.7k63255 asked May 12 '14 at 14:26 Edd 3,90783262 add a comment| 6 Answers 6 active oldest votes up vote 18 down vote accepted I've just discovered that the files godaddy supplied with my certificate are both intermediate certificates (in fact they seem to both be the same intermediate certificate). I got the correct root and intermediate certificates by double clicking on my certificate and looking at the certificate path... from here I could also download each of these certificates and use the steps used in the question to import them share|improve this answer answered May 12 '14 at 15:07 Edd 3,90783262 4 I went to the godaddy cert store at certs.godaddy.com/repository and grab