|Applies To||Affected Versions: All Versions|
|Issue||When attempting to install a server certificate for the Aveksa application through the UI. The following error is thrown:|
keytool error: Failed to establish chain from reply
|Resolution||There are two possible causes for this error:|
1. No root certificate to chain to.
The SSL scheme relies on a root certificate(s) in order to install the certificate. These may be internal site "root" certificates and site intermediate certificates or certificates from issuing authorities like VeriSign. These cerificates must be installed into the CA cacerts file (as the root user) before attempting to install the signed ACM server certificate to the aveksa.keystore file (as the oracle user)
2. Error occurs because the keystore is very particular about the format of the Certificate.
This error is related to the format the certificate has been downloaded in. It may not be in DER format.