keytool error: java.lang.Exception: Failed to establish chain from reply

Edd · May 12, 2014 · Viewed 95.2k times · Source

Generate keystore:

keytool -genkey -alias tomcat -keyalg RSA -keystore my.keystore -keysize 2048

Generate certificate signing request (CSR):

keytool -certreq -alias tomcat -keyalg RSA -file my.csr -keystore my.keystore

I then go off to my hosting provider and get some certificates. These I installed as follows:

keytool -import -alias root -keystore my.keystore -trustcacerts -file gd_bundle-g2-g1.crt
keytool -import -alias intermed -keystore my.keystore -trustcacerts -file gdig2.crt
keytool -import -alias tomcat -keystore my.keystore -trustcacerts -file my.crt

When I installed the final certificate (my.crt) I got the following error:

keytool error: java.lang.Exception: Failed to establish chain from reply

I believe I have imported the chain and in the correct order so I'm very confused by this message. Can anyone see what I'm doing wrong?

Answer

Edd · May 12, 2014

I've just discovered that the files GoDaddy supplied with my certificate are both intermediate certificates (in fact they seem to both be the same intermediate certificate).

I got the correct root and intermediate certificates by double-clicking on my certificate and looking at the certificate path... from here I could also download each of these certificates and use the steps used in the question to import them.

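The situation in the answer above (two supplied files holding the same intermediate and no root) can be spotted before running the final import by comparing the `Owner:` and `Issuer:` lines that `keytool -printcert -file <file>` prints for each file. The following is an added example, not part of the original question or answer. It assumes the `-printcert` output has been captured per file, uses constructed placeholder DNs, matches by name only (no signature check), and ignores any roots keytool would also find in `cacerts` via `-trustcacerts`.

```python
import re

# Constructed `keytool -printcert -file <f>` output for the three files in the
# question; the DNs are placeholders, not the real certificates.
SAMPLE = {
    "my.crt": "Owner: CN=www.example.com\nIssuer: CN=Example Intermediate CA\n",
    "gdig2.crt": "Owner: CN=Example Intermediate CA\nIssuer: CN=Example Root CA\n",
    "gd_bundle-g2-g1.crt": "Certificate[1]:\nOwner: CN=Example Intermediate CA\n"
                           "Issuer: CN=Example Root CA\n",
}

def parse_printcert(text):
    """Return (owner, issuer) pairs, one per certificate in the output."""
    owners = re.findall(r"^Owner:\s*(.+?)\s*$", text, re.M)
    issuers = re.findall(r"^Issuer:\s*(.+?)\s*$", text, re.M)
    return list(zip(owners, issuers))

def check_chain(leaf_file, outputs):
    """Follow Issuer links from the leaf; report path, duplicates and any gap."""
    by_owner, duplicates = {}, []
    for name, text in outputs.items():
        for owner, issuer in parse_printcert(text):
            if owner in by_owner:
                # Same subject supplied twice: (this file, file seen first).
                duplicates.append((name, by_owner[owner][0]))
            by_owner.setdefault(owner, (name, issuer))
    owner, issuer = parse_printcert(outputs[leaf_file])[0]
    path = [owner]
    while owner != issuer:  # a root is self-signed: Owner equals Issuer
        if issuer not in by_owner or issuer in path:
            return {"complete": False, "path": path,
                    "missing": issuer, "duplicates": duplicates}
        owner, issuer = issuer, by_owner[issuer][1]
        path.append(owner)
    return {"complete": True, "path": path,
            "missing": None, "duplicates": duplicates}

if __name__ == "__main__":
    result = check_chain("my.crt", SAMPLE)
    print("chain complete:", result["complete"])
    print("path so far:", " -> ".join(result["path"]))
    print("no certificate supplied for issuer:", result["missing"])
    print("duplicate subjects:", result["duplicates"])
```

A result with `complete` set to `False` names the issuer DN that still has to be obtained and imported before the reply certificate.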