-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Fleur,
On 4/12/15 3:42 PM, Fleur Garage wrote: > Chris, > > Yes, i have imported the root and intermediate certificates > successfully (using the commands below) but import of the last > certficate (domain cert) is failing with the chain error. > > A. Local self-signed cert generation keytool -genkey -alias tomcat > -keyalg RSA -keysize 2048 -keystore <hostname>.keystore > > B. CSR generation keytool -certreq -keyalg RSA -alias tomcat -file > <hostname>.csr -keystore <hostname>.keystore > > C. Sent CSR for signing and received 4 certificates from Comodo > AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt > COMODORSAOrganizationValidationSecureServerCA.crt <hostname>.crt > > D. Import Root certificate keytool -import -trustcacerts -alias > AddTrustExternalCARoot -file AddTrustExternalCARoot.crt -keystore > <hostname>.keystore > > E. Import Intermediate1 certificate keytool -import -trustcacerts > -alias COMODORSAAddTrustCA -file COMODORSAAddTrustCA.crt -keystore > <hostname>.keystore > > F. Import Intermediate2 certificate keytool -import -trustcacerts > -alias COMODORSAOrganizationValidationSecureServerCA -file > COMODORSAOrganizationValidationSecureServerCA.crt -keystore > <hostname>.keystore > > All 3 certificates were successfully imported. > > G. Import of domain/server certificate failed keytool -import > -trustcacerts -alias tomcat -file <hostname>.crt -keystore > <hostname>.keystore > > keytool error: java.lang.Exception: Failed to establish chain from > reply Try removing the "trustcacerts" argument: $ keytool -import -alias tomcat -file <hostname>.crt -keystore <hostname>.keystore - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVKycqAAoJEBzwKT+lPKRYilkP/0/gtAqiYLd3AVR+taq03rk3 hho/IHXdyzMhrqvKgttiCRvb53tB+HNkkk0le7R8xDVu9YNvpNFOKZ+qlar5fJQ1 togbQ1I8n0jekzrORE0Xlni6Kg2ssEjmYOtMBaBRh37Um2S8bX52qR85QiDA+B3K PY6RXnOUn2ZuMaU8CZZqpiQEoSXbaYavKGlJY1Iy/mVU6rS12JL8N51Zkc9jLX1X wnhrwbAbn4E9s57d04sC/JJKrd/+aojCtV5LfNPJseRrGPH9pKKrXYWiJmo/beBq I2Qp5lR4vv/BrssMZ3NdnMIwEI+T/D1yU6L37VdHZvVS8nkBadIcZCktnypeqmji 8RClOGyCx/n+nOdq5LU+UghgM4jiRYiXZhUhO93QScPVxMTJbLAtxKe/uCKs4TLi 8xXkjHpyjxoJnCxqp6h/8XgQYbaw+JMoYCn2jI0im0RFOOKOxOrqbIu49+rBKOxs qI/xlI+A3ySCO536xqZpB4RnA2THwVzo4JiNXI7pXpqClX2pHYA2dnCIloj/lJcS nK59RWzG3tL4QgdbXPPm44RUBFtMovNWxDH23fFQEApBtfB/+G9gt9+hdHDrw2Gj JgKKv7cdjJ3VuP40wyyu4odSL9/yf9Zf/q00Nu36dZ9YoX/iUPv/BzWR1T1XPLhj 9KBrQ57QoXIrHij5JPqX =4SP4 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
