Chris,

Yes, I have imported the root and intermediate certificates successfully
(using the commands below) but import of the last certificate (domain cert)
is failing with the chain error.

A. Local self-signed cert generation
keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore <hostname>.keystore

B. CSR generation
keytool -certreq -keyalg RSA -alias tomcat -file <hostname>.csr -keystore <hostname>.keystore

C. Sent CSR for signing and received 4 certificates from Comodo
AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSAOrganizationValidationSecureServerCA.crt
<hostname>.crt

D. Import Root certificate
keytool -import -trustcacerts -alias AddTrustExternalCARoot -file AddTrustExternalCARoot.crt -keystore <hostname>.keystore

E. Import Intermediate1 certificate
keytool -import -trustcacerts -alias COMODORSAAddTrustCA -file COMODORSAAddTrustCA.crt -keystore <hostname>.keystore

F. Import Intermediate2 certificate
keytool -import -trustcacerts -alias COMODORSAOrganizationValidationSecureServerCA -file COMODORSAOrganizationValidationSecureServerCA.crt -keystore <hostname>.keystore

All 3 certificates were successfully imported.

G. Import of domain/server certificate failed
keytool -import -trustcacerts -alias tomcat -file <hostname>.crt -keystore <hostname>.keystore

keytool error: java.lang.Exception: Failed to establish chain from reply


Am I doing something wrong here?
Thank you.

On Sun, Apr 12, 2015 at 9:07 AM, Christopher Schultz <ch...@christopherschultz.net> wrote:

> Fleur,
>
> On 4/12/15 11:56 AM, Christopher Schultz wrote:
> > Fleur,
> >
> > On 4/10/15 10:40 PM, Fleur Garage wrote:
> >> I am trying to enable SSL on Apache Tomcat/7.0.32.
>
> Oh, and you should definitely upgrade your Tomcat. There are known and
> published vulnerabilities between that version and the latest (7.0.61):
>
> http://tomcat.apache.org/security-7.html
>
> -chris
>
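
An added example, not part of the original thread: a shell sketch for inspecting the files from steps B and C before step G. `chain_links` checks the issuer-to-subject name linkage that keytool needs to build a chain from the reply, and `same_key` checks that the reply carries the public key from the CSR. The function names, PEM input and the file order in the usage comment are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch; not from the thread. Requires the openssl CLI.
# Assumption: all input files are PEM encoded.

# chain_links LEAF [INTERMEDIATE...] ROOT
# Checks that each certificate's issuer name equals the next file's subject
# name and that the last file is self-issued. Names only, no signature check.
chain_links() {
    [ "$#" -ge 1 ] || return 2
    prev_file="" prev_issuer="" subj="" iss=""
    for f in "$@"; do
        subj=$(openssl x509 -in "$f" -noout -subject_hash) || return 2
        iss=$(openssl x509 -in "$f" -noout -issuer_hash) || return 2
        if [ -n "$prev_file" ] && [ "$prev_issuer" != "$subj" ]; then
            echo "break: $prev_file was not issued by $f" >&2
            return 1
        fi
        prev_file=$f
        prev_issuer=$iss
    done
    if [ "$iss" != "$subj" ]; then
        echo "incomplete: $prev_file is not self-issued, root is missing" >&2
        return 1
    fi
    return 0
}

# same_key CSR CERT
# Succeeds when the certificate carries the public key that is in the CSR,
# i.e. the CA reply answers the request produced in step B.
same_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ "$csr_pub" = "$crt_pub" ]
}

# Usage with the files from step C (order assumed from the file names):
#   chain_links '<hostname>.crt' \
#       COMODORSAOrganizationValidationSecureServerCA.crt \
#       COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt
#   same_key '<hostname>.csr' '<hostname>.crt'
```

Both functions return 0 on success, 1 on a mismatch and 2 when openssl cannot read a file.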
