Problem
When importing an SSL certificate to Clearwell's keystore, an error is encountered.
Error Message
keytool error: java.lang.Exception: Failed to establish chain from reply
Cause
Root and/or Intermediate certificates have not been imported properly or in the correct order.
Solution
If Root and/or Intermediate certificates have already been imported, remove them.
1. Run the following command:
keytool -delete -alias mydomain -keystore new-server.keystore
DO NOT remove "clearwellkey" alias from keystore.
2. Import the Root certificate
3. Import the Intermediate certificate
4. Import the Site certificate
To determine the Root, Intermediate, and Site certificate
1. In the example above, "VeriSign" is the Root certificate, "VeriSign Class 3 International Server CA - G3" is the Intermediate certificate, and "mydomain.com" is the Site certificate.
2. If the Root and/or Intermediate certificates are not available, they can be exported from the Certification Path tab as seen in the image above.
3. Double-click the certificate and it will open a new window that looks just like the previous one.
4. Next go to the Details tab and click Copy to File.
5. Click Next on the window that opens.
6. Choose Base-64 encoded X.509 (.CER)
7. Click Next and choose a filename: example.cer
8. Click Finish and this file can now be used to import this certificate into Clearwell's keystore.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.