
I am about to install/update/upgrade an SSL certificate on one of the servers, which has the following configuration:

Server information:

  • Server version: Apache Tomcat/6.0.35
  • OS version: Linux 2.6.18-371.6.1.el5
  • Architecture: amd64
  • JVM version: 1.6.0_30-b30
  • JVM vendor: Sun Microsystems Inc.
  • Tomcat location: /user/local/apache-tomcate-6.0.35

Generate new SSL certificate request:

  1. I created a folder named keystore (/user/local/apache-tomcate-6.0.35/keystore)

To create a key:

    sudo keytool -storepass keypassword -keyalg RSA -keysize 2048 -keystore mydomain.keystore -genkey -alias mydomain

To create the SSL certificate request:

    sudo keytool -storepass keypassword -keystore mydomain.keystore -certreq -keyalg RSA -file mydomain.csr -alias mydomain.com

After successfully executing both commands I got two files in the keystore folder:

  • mydomain.keystore
  • mydomain.csr

The following files were attached to the email I received yesterday:

Cabundle.cert (What is this? No mention of it in the Wiki)

Zip file:

  1. mydomain.crt
  2. root_certificate.crt
  3. Trend_Micro_CA.crt
  4. Affirmtrust_Networking.crt

Installing the certificate:

As per information from another source, I downloaded two other files into the keystore folder:

  • http://secure.globalsign.net/cacert/ct_root.der
  • http://secure.globalsign.net/cacert/sureserverEDU.pem

Import the root certificate ‘ct_root.der’:

    [root@ mydomain keystore]# sudo keytool -keystore mydomain.keystore -storepass keypassword -importcert -file ct_root.der -trustcacerts -alias globalsignroot

Outcome:

    Certificate already exists in system-wide CA keystore under alias <3getcybertrustsolutionsincgtecybertrustglobal root>
    Do you still want to add it to your own keystore? [no]: yes
    Certificate was added to keystore

Import the sure server education certificate ‘sureserverEDU.pem’:

    [root@ mydomain keystore]# sudo keytool -keystore mydomain.keystore -storepass keypassword -importcert -file sureserverEDU.pem -trustcacerts -alias sureserveredu

Outcome:

    Certificate was added to keystore

Import the certificate from email: As per the wiki, I need to import the certificate.pem file:

    sudo keytool -keystore mydomain.keystore -storepass keypassword -alias mydomain -import -file mydomain.pem

I don’t have any .pem file in the email I received, and if I run

    [root@ mydomain keystore]# sudo keytool -keystore mydomain.keystore -storepass keypassword -alias mydomain -import -file mydomain.crt

I get an error:

    Keytool error: java.lang.Exception: Failed to establish chain from reply

Problem:

This is where I am stuck and don’t know what to do. I assume I have to create a chain.pem with all the received certificates inside it. If this is the case, in which order should I copy and paste the certificates?

To be honest, I don’t want to try anything I am not sure about, because it is a live server.

I would really appreciate it if someone could help me or provide instructions on how to proceed beyond step #5 to successfully install the certificate. I am also confused about what the cabundle.crt that came with the email is.

Thank you in advance.

Yama
  • Please read http://stackoverflow.com/questions/23611688/keytool-error-java-lang-exception-failed-to-establish-chain-from-reply – Jdamian Sep 10 '14 at 14:58
  • This is off-topic as it has to do with server/SSL configuration, not software development. It belongs on [sf] or maybe [webmasters.se] – Jim Garrison Sep 10 '14 at 15:52
  • @JimGarrison My apologies for posting the question in the wrong place. I thought because it is stackoverflow, not stackoverflow-programming as a header, so it might be some sort of general insistence where people can post a question regarding computers. Thank you very much for guiding me to the right path – Yama Sep 10 '14 at 15:58

0 Answers