keytool cannot import certifiate - failed to establish chain from reply

Question

I would really appreciate if someone could shed some light on the following issue. I have read the keytool documentation but could not find any hint regarding what could be the problem here.

I created a keystore

keytool -genkey -alias privateKeyName -keyalg RSA -keystore privateKeyName.jks -validity 720 -keysize 1024

I created a certificate request

keytool -certreq -alias privateKeyName -keystore privateKeyName.jks -file certReqFileName.csr

After the signing authority gave me the .cer file, I tried to import it with

keytool –import -alias privateKeyName -file certReqFileName_t_f.cer -keystore privateKeyName.jks

Import fails with

keytool error: java.lang.Exception: Failed to establish chain from reply

I have been stuck on this for some time now so any help would be awesome. Thanks.

score 15 · Accepted Answer · answered Nov 24 '12 at 11:37

15

Take a look at the option -trustcacerts, if your CA is listed in the truststore. Additionally you may have to add the CA's intermediate certificates to your keystore, first.

answered Nov 24 '12 at 11:37

Andy

1,964
1
15
29

It took some time to accept this answer but it was really the intermediate certificates. – Nikola Kolev Dec 03 '13 at 12:23
1

@Andy how exactly does one add the intermediate certificates? – Dmitri Nesteruk Aug 26 '14 at 09:59
@NikolaKolev the same way as other certificates. Take a look at the option `keytool -importcert`. – Andy Aug 28 '14 at 14:23

keytool cannot import certifiate - failed to establish chain from reply

1 Answers1