Troubleshooting: Tomcat x509 – “Failed to establish chain from reply.”

This Article consists of advanced troubleshooting to a very problematic issue that rarely comes up with versions of keytool when installing an SSL certificate in x509 format. Issue: By all normal means when following SSL Installation instructions for Tomcat using X509 you should have a smooth installation, but when importing the Intermediate CA Certificate or SSL Certificate received from the Certificate Authority you may get the following error message still. “Failed to establish chain from reply” Cause: Tomcat/keytool is a picky system. Tomcat wants to see the entire certificate chain before installation of the SSL Certificate. Typically this can be solved by importing the entire chaining path of your SSL Certificate in the following order: Root > Intermediate > SSL Certificate. […]

Read More