I am trying to import a certificate created for me from a .CSR file.
Long story short, I am getting the error "Failed to Establish Chain from Reply". I found a thread with a user with a similar problem back in 2003.
The problem they were having seemed to be because they used an alias they had previously used before.
I took that advice and deleted everything off of the server to do with the certificate and used new alias names. However, this didn't work. I'm still getting the same error.
I'm hoping if I post my series of steps here someone may be able to pick out what I'm doing wrong and help me.
Any advice would be appreciated.
Here are the steps:
1. I generate the key using the command:
keytool -genkey -alias incOne -keyalg RSA -keysize 4096 -keystore incKEY.key
2. Then I generate the CSR against that key that was just created using the command
keytool -certreq -keyalg RSA -alias incOne -file certreqIncOne.csr -keystore incKEY.key
At this point I use -list to see what's in my .key file. In the .key file I have:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
incone, Oct 24, 2011, PrivateKeyEntry,
Certificate fingerprint (MD5): ______________________________
Then after I get the certificate, I import it
1. Import the chain certificate using the command
keytool -import -alias root -keystore incKEY.key -trustcacerts -file CA_Chain.crt
and again, I use -list to see what's in the file and I have:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
root, Oct 24, 2011, trustedCertEntry,
Certificate fingerprint (MD5): ______________________________
incone, Oct 24, 2011, PrivateKeyEntry,
Certificate fingerprint (MD5): ______________________________
Now, I'm still following the Tomcat instructions (Apache Tomcat 6.0 SSL Configuration HOW-TO), and I try to import the certificate created for me by using the command:
keytool -import -alias incOne -keystore incKEY.key -trustcacerts -file doors01-10242011.crt
and I get the error: "Failed to establish chain from reply", which as I stated before from what I've researched means I've used the same alias name.
Now my main question is what's the point of importing the certificate created for me?
Is that certificate supposed to overwrite the other incone private key entry as a trustedCertEntry?
Thank You
January
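
An added example, not part of the original post: keytool reports "Failed to establish chain from reply" when it cannot link the reply's issuer, certificate by certificate, up to a self-signed certificate it trusts, so this check walks those Owner/Issuer links over text in the format printed by keytool -printcert. The sample names are constructed, and matching by DN string alone is a simplifying assumption (keytool also verifies signatures).

```bash
#!/usr/bin/env bash
# Added example. Inputs are text in the format printed by:
#   keytool -printcert -file doors01-10242011.crt   (the CA reply)
#   keytool -printcert -file CA_Chain.crt           (what was imported as trusted)
# Assumption: links are matched by DN string only; keytool also checks signatures.

# chain_status REPLY_TEXT TRUSTED_TEXT -> prints "OK: ..." or "BROKEN: ..."
chain_status() {
  printf '%s\n---\n%s\n' "$1" "$2" | awk '
    /^---$/     { trusted = 1; next }           # separator: trusted certs follow
    /^Owner: /  { owner = substr($0, 8) }
    /^Issuer: / { issuer = substr($0, 9)
                  if (trusted) issuer_of[owner] = issuer
                  else reply_issuer = issuer }
    END {
      want = reply_issuer                       # DN that must be trusted next
      for (hops = 0; hops < 10; hops++) {
        if (!(want in issuer_of)) { print "BROKEN: no trusted entry for " want; exit }
        if (issuer_of[want] == want) { print "OK: chain ends at self-signed " want; exit }
        want = issuer_of[want]                  # climb one link toward the root
      }
      print "BROKEN: no self-signed root within 10 links"
    }'
}

# Constructed sample data (not from the original post).
REPLY='Owner: CN=doors01.example.test, O=Example
Issuer: CN=Example Issuing CA, O=Example'
ROOT_ONLY='Owner: CN=Example Root CA, O=Example
Issuer: CN=Example Root CA, O=Example'
WITH_INTERMEDIATE="$ROOT_ONLY
Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Root CA, O=Example"

chain_status "$REPLY" "$ROOT_ONLY"          # intermediate missing from trusted set
chain_status "$REPLY" "$WITH_INTERMEDIATE"  # every link present
```

When the chain is complete, importing the reply under the key's alias replaces the self-signed certificate on that entry, and the entry stays a PrivateKeyEntry.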