I got the same error, C:\Windows\system32>keytool -certreq -keyalg RSA -alias tomcat -file c:\tomcat8\ tomcatreq.csr -keystore c:\Tomcat8\meg.keystore Enter keystore password:
C:\Windows\system32>keytool -import -alias root -keystore c:\Tomcat8\meg.keystor e -trustcacerts -file "C:\Tomcat8\meg_library_albany_edu_interm.cer" Enter keystore password: Certificate already exists in system-wide CA keystore under alias <addtrustexter nalca> Do you still want to add it to your own keystore? [no]: y Certificate was added to keystore C:\Windows\system32>keytool -import -alias tomcat -keystore c:\Tomcat8\meg.keyst ore -file "C:\Tomcat8\meg_library_albany_edu_cert.cer" Enter keystore password: keytool error: java.lang.Exception: Failed to establish chain from reply -----Original Message----- From: Cybulski, Adam M <acybul...@albany.edu> Sent: Tuesday, June 26, 2018 2:08 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: RE: Alias name does not identify a key entry >Did you re-create your private key? I hope you kept a backup otherwise you >might have to get your CA >to re-sign the certificate from scratch. >If they try to charge you again just say "my key has been compromised and I'd >like a replacement". They >should do it for free. I did recreate it, I'll do a whole new request rather than an update request. We have an education license, so it's not coming out of my budget! -----Original Message----- From: Christopher Schultz <ch...@christopherschultz.net> Sent: Tuesday, June 26, 2018 2:06 PM To: users@tomcat.apache.org Subject: Re: Alias name does not identify a key entry -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Adam, On 6/26/18 1:32 PM, Cybulski, Adam M wrote: > Hi Chris, Thanks for the help, > >>> keytool -import -alias meg -keystore c:\Tomcat8\meg.keystore -file >>> "C:\Tomcat8\meg_library_albany_edu_cert.cer" >> That last step should have been to import using the same alias as the >> first step. That will update the self-signed >certificate with the >> CA-signed certificate. > > I deleted the keystore and the certs and started over so there > wouldn't be any garbage data in it, I followed all the same steps as > before, but when I get to this one I used the command: > > keytool -import -alias tomcat -keystore c:\Tomcat8\meg.keystore -file > "C:\Tomcat8\meg_library_albany_edu_cert.cer" > > It returned the error: keytool error: java.lang.Exception: Failed to > establish chain from reply Did you re-create your private key? I hope you kept a backup otherwise you might have to get your CA to re-sign the certificate from scratch. If they try to charge you again just say "my key has been compromised and I'd like a replacement". They should do it for free. >>> Any help you can give me in resolving this error is greatly >>> appreciated. > >> You should switch from JKS/JCEKS to PKCS12 keystores, since those >> Java-specific ones are being deprecated and >(not quickly enough) >> dropped from Java. > > Can you aim me at a guide to this? The steps I've been following are > just from whatever I've found online. Most of the articles seem pretty > dated. No particular guide (other than the one Mark posted in reply). To use PKCS12 files, just add "-storetype PKCS12" to every command you execute. Otherwise, the default is the JKS "Java KeyStore" keystore type . - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlsygIUACgkQHPApP6U8 pFjTKg/+JnQsmqcgOCStpBbJSy3Uh4gYrFWCKWEu3EzJJ7cOxoFDY5SbCNV27D+8 3QgTwQF2wyJOF63fQqyRD8vJrUBavIeIDQyvXyQqOD3OPHR9SgESkTthUEbqjLjM D83DtogUEvE4IPyeuguticYmETGaIrHvvU27jyYJcNNSjTYHS/iJQQifD/vbyaBS TsTzDYtT2h4B+nd+oEPEBr2c0jeUwf1fCghp4fVGspFVccFze0LZpYrqoi4K/op1 xyoCnS5H9vDfSpC3DlJZVgEWWQ6vEgSSG8E66IdLxk591QkfK3DzuyRpqglyDVdE i7fexaVYlQ5lvEQzYOOFktrfteCJDOBZTCXRxvGqfspwG0sjbejR/cSfL4/cD2Xx 1EEotZ8LrfxhoUKpm9hxdRMRaUHlaUrAHLyupacx/MKqVZA5SIlD7pLpA7+iSzfF uI1eYWJWVjqLZEWVx2JWpKZNOPJ0R95hRRMLCOgG9n0JiFTAup4Mcrirt8GJgNyq HHP5mUo3yMfqhy73tu0kaXTfkFyeCSdNtZhrq1Rat4MtlGaXpuvm8K/HLFXYndAr nd0pBuVN0e5TesRk3/5pxiToYZcSoGeTW6sqMgnqj2tFCAvAWKtA4bVtb1lG7Wp2 mpYbkRLntVw05zN9ThLfNTJXVTx1f9LDT91/NSh61r4SbcN3v8A= =WIvh -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
