Product: TIBCO Spotfire Server
Versions: All
Summary:
When importing a CA issued certificate to a TIBCO Spotfire Server Java keystore, you get the error "Failed to establish chain from reply". This can be a result of the root and/or intermediate certificates not having been imported properly or in the correct order.
Details:
You try to import a CA-issued certificate to the TIBCO Spotfire Server Java keystore by running a command like the following:
C:\tibco\tss\11.4.1\jdk\bin>keytool -import -alias spotfire -file C:\tibco\tss\11.4.1\tomcat\certs\servercert.cer -keystore C:\tibco\tss\11.4.1\tomcat\certs\spotfire.jks
You then get an error message:
"keytool error: java.lang.Exception: Failed to establish chain from reply"
This can happen when the certificate fails to build the chain as Root and/or Intermediate certificates have not been imported properly or in the correct order.
Resolution:
Option A
Ask the CA admin to provide the certificate in .p7b format which exports the chain along with Root and intermediate certificates.
You can then run the below command to import the certificate:
keytool -import -alias spotfire -file <Spotfire Server Install>tomcat\certs\servercert.p7b -keystore <Spotfire Server Install>\tomcat\certs\spotfire.jks
Option B
Follow the below steps to import the certificates individually once you have the .p7b format certificate
- View your certificate on a computer running Windows. You will be able to see the certificate chain on the third tab that looks like the following image.
- Select the root certificate from the chain and click on the button "View Certificate".
- A new window opens, go to the second tab and click on the "Save File" button. This opens an export wizard for your certificate.
- When exporting, select the X.509 base 64 option and follow the instructions. Save the file.
- Repeat for the intermediate certificate.
- Copy both certificates to your server and import into the keystore following the order - first root, second intermediate and finally your certificate using the below commands:
keytool -import -alias spotfire -file <Spotfire Server Install>\tomcat\certs\Rootcert.cer -keystore <Spotfire Server Install>\tomcat\certs\spotfire.jks
keytool -import -alias spotfire -file <Spotfire Server Install>\tomcat\certs\Intermediate.cer -keystore <Spotfire Server Install>\tomcat\certs\spotfire.jks
keytool -import -alias spotfire -file <Spotfire Server Install>\tomcat\certs\servercert.cer -keystore <Spotfire Server Install>\tomcat\certs\spotfire.jks
Comments
0 comments
Article is closed for comments.