keytool error: java.lang.Exception: Failed to establish chain from reply

Question

Generate keystore:

keytool -genkey -alias tomcat -keyalg RSA -keystore my.keystore -keysize 2048

Generate certificate signing request (CSR)

Answer 1

I got same error when trying to import CA certified certificates in to the keystore, in a Linux environment.

I followed set of steps and imported it successfully.

After receiving CA certified certificates, use the following steps to import the certificates into the keystore.

step 1:

Import root certificate to cacerts which will be available at JAVA_HOME/jre/lib/security folder using following command:

keytool -importcert -alias root -file [root certificate] -keystore cacerts

Once you enter above command it will prompt for password, enter password and click on yes.

step 2:

Import root certificate using following command:

keytool -importcert -alias root -file [root certificate] -keystore [keystore file name]

Once you enter above command it will prompt for password, enter password and click on yes.

step 3:

Import intermediate certificate using following command :

keytool -importcert -alias intermediate -file [intermediate certificate] -keystore [key store file name]

once you enter above command it will prompt for replacing the already certificate enter yes.

Note: intermediate certificate is optional can be ignored, it comes with the root certificate.

step 4:

Import site certificate using following command:

keytool -trustcacerts -importcert -alias [alias name which give during keystore creation] -file [site certificate] -keystore [key store file name]

Environment executed this commands are java version 7. certificate are issued by GODADDY.

for more information refer site : http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html#importCertCmd