Error Message Failed To Establish Chain From Reply
Contents |
Symantec Products & Services Partners Support My Account SSL Certificates Symantec™ Safe Site Code Signing Two-Factor Authentication error message failed to establish chain from reply openfire Risk-Based Authentication Public Key Infrastructure (PKI) Services All Products and keytool error failed to establish chain from reply Services I NEED TO Secure My Website Manage My Security Infrastructure Increase Consumer Confidence Detect keytool error java.lang.exception failed to establish chain from reply Fraud Online Digitally Sign My Code INFORMATION FOR Enterprise Small Business SSL Partner Programs Symantec™ Safe Site Partner Program Authentication Partner Programs All Partner
Keytool Error Java.lang.exception Failed To Establish Chain From Reply Linux
Programs PARTNER CENTRE SSL and Symantec™ Safe Site partner resources. User name: Password: Email support for login help. BECOME A PARTNER Become an SSL Partner Become a Symantec™ Safe Site Partner Become a Technical Alliance Partner Become an Authentication Services Reseller SSL Certificates Support Symantec™ Safe Site Support Code Signing keytool error java.lang.exception failed to establish chain from reply godaddy Support Digital IDs for Secure Email Support Managed PKI Support All Support KNOWLEDGE CENTRE Get answers to your questions. Step 1: Select a product SSL Certificates Support Symantec™ Safe Site Support Code Signing Support Digital IDs for Secure Email Support Managed PKI Support Managed PKI for SSL Support VIP Authentication Service Support VIP Access for Mobile Identity Protection Centre Support VIP Fraud Detection Service Support Example: What is Seal-in-Search? Error: Please complete both steps. SSL Certificates Symantec™ Trust Centre Sign In Symantec™ Safe Site Symantec™ Trust Centre Sign In Code Signing Code Signing Portal for Microsoft Windows Mobile Sign In(Requires a valid Administrator ID.) Partners Symantec™ Partner Centre Sign In CHECK ORDER STATUS Enter the order number from your confirmation email. Sorry...Please supply a document ID for the article you are searching for. Contact Support Contact Authentication Services Knowledge Center Change Product Search
certificate for Keytool to chain to. Keytool relies on https://knowledge.symantec.com/kb/index?page=content&actpl=CROSSLINK&id=SO5102 a root certificates in order to install the certificate. 2. Error occurs because the JDK keystore is very particular about the format of https://support.comodo.com/index.php?/Knowledgebase/Article/View/343/17/keytool-error-failed-to-establish-chain-from-reply the Certificate. This error is related to the format the certificate has been downloaded in. Please make sure you download the (default) PKCS#7 format certificate and import this into your keystore. JDK prefers this format, which contains a complete certificate chain and which includes your certificate, as well as the Signer's certificate (Root CA certificate). (1978 vote(s)) Helpful Not helpful Comments (0) Help Desk Software by Kayako
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies http://stackoverflow.com/questions/23611688/keytool-error-java-lang-exception-failed-to-establish-chain-from-reply of this site About Us Learn more about Stack Overflow the company https://onemoretech.wordpress.com/2015/02/14/installing-an-ssl-cert-for-openfire/ Business Learn more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a failed to minute: Sign up keytool error: java.lang.Exception: Failed to establish chain from reply up vote 17 down vote favorite 3 Generate keystore: keytool -genkey -alias tomcat -keyalg RSA -keystore my.keystore -keysize 2048 Generate certificate signing request (CSR): keytool -certreq -alias tomcat -keyalg RSA -file my.csr -keystore my.keystore I then go off to my hosting provider and get some certificates. These i installed as failed to establish follows: keytool -import -alias root -keystore my.keystore -trustcacerts -file gd_bundle-g2-g1.crt keytool -import -alias intermed -keystore my.keystore -trustcacerts -file gdig2.crt keytool -import -alias tomcat -keystore my.keystore -trustcacerts -file my.crt When I installed the final certificate (my.crt) I got the following error: keytool error: java.lang.Exception: Failed to establish chain from reply I believe i have imported the chain and in the correct order so I'm very confused by this message. Can anyone see what I'm doing wrong? tomcat ssl-certificate keytool share|improve this question edited Aug 18 at 17:21 Mike C 15.7k63255 asked May 12 '14 at 14:26 Edd 3,90783262 add a comment| 6 Answers 6 active oldest votes up vote 18 down vote accepted I've just discovered that the files godaddy supplied with my certificate are both intermediate certificates (in fact they seem to both be the same intermediate certificate). I got the correct root and intermediate certificates by double clicking on my certificate and looking at the certificate path... from here I could also download each of these certificates and use the steps used in the question to import them share|improve this answer
but a certificate signed by a commercial or internal private CA provides greater flexibility. For example, web applications using Openfire's BOSH service. SPECIAL NOTES: 1. This procedure was successfully tested on Openfire 3.10.0 Beta with Oracle's Java SE (both 1.8.0_31 and 1.7.0_75). When tried with the open source OpenJDK 1.8.0_31 HTTPS connections would fail with a reset error. This may be due to a dependency in some proprietary feature in Oracle's distribution. Under Openfire 3.9.3 attempts to import a new key and cert would result in the error message, "There was an error one importing private key and signed certificate. Error message: Failed to establish chain from reply". This could be due to deprecated code in the older Bouncycastle crypto libraries that ship with 3.9.3. 2. A bug continues to persist in Igniterealtime's Spark client that prevents it from connecting if the certificate for a server changes. Once Spark connects to an Openfire server that uses a self-signed certificate, it cannot later be used to connect to the same server after a public cert is imported. This appears to be a problem with cert management by Spark. Although I've looked, I have yet to determine where Spark stores accepted certificates. To begin, add the following properties and values to the System Properties page. When saving make sure the "Do not encrypt" radio button is selected. xmpp.socket.ssl.storeType: JKS xmpp.socket.ssl.keystore: resources/security/keystore The keystore location is relative to $OPENFIRE_HOME, not the full path (e.g. /usr/local/openfire…). Restart openfire after making this change. Next, your CA's root and any intermediate certificates need to be added to Openfire's truststore ($OPENFIRE_HOME/resources/security/truststore). This can be done using the Java keytool, or a graphical editor like keystore-explorer. Restart openfire when finished. Once that is done we need to create an x509 key and certificate request. openssl req -nodes -new -sha256 -keyout chat.example.com.key -out chat.example.com.req When replying to the prompts, be sure to include (or not include) a certificate password if required by your CA. With the request generated, use your CA's submission mechanism to obtain a signed certificate. If using your own