000027945 - KB-1475 - SSL - keytool error: Failed to establish chain from reply

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000027945
Applies ToAffected Versions: All Versions
IssueWhen attempting to install a server certificate for the Aveksa application through the UI. The following error is thrown:
 
keytool error: Failed to establish chain from reply
 
ResolutionThere are two possible causes for this error:
1. No root certificate to chain to.
The SSL scheme relies on a root certificate(s) in order to install the certificate. These may be internal site "root" certificates and site intermediate certificates or certificates from issuing authorities like VeriSign. These cerificates must be installed into the CA cacerts file (as the root user) before attempting to install the signed ACM server certificate to the aveksa.keystore file (as the oracle user)
2. Error occurs because the keystore is very particular about the format of the Certificate.
This error is related to the format the certificate has been downloaded in. It may not be in DER format.
 

Attachments

    Outcomes