Troubleshooting: Tomcat x509 – “Failed to establish chain from reply.”

This Article consists of advanced troubleshooting to a very problematic issue that rarely comes up with versions of keytool when installing an SSL certificate in x509 format. Issue: By all normal means when following SSL Installation instructions for Tomcat using X509 you should have a smooth installation, but when importing the Intermediate CA Certificate or SSL Certificate received from the Certificate Authority you may get the following error message still. “Failed to establish chain from reply” Cause: Tomcat/keytool is a picky system. Tomcat wants to see the entire certificate chain before installation of the SSL Certificate. Typically this can be solved by importing the entire chaining path of your SSL Certificate in the following order: Root > Intermediate > SSL Certificate. […]

Read More

Troubleshooting: Missing Private key in Windows Servers

Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. This is because your private key will always be left on the server system where the CSR was originally created. With Microsoft systems the private key is hidden away and will only appear once the CSR pending request has been completed. When using Exchange to process the pending request and install a SSL certificate there should be a option available to do this. Typically if there is no option to “complete” the pending request it usually means the following. The CSR was never created on the exchange system that you are currently on. Note: If the […]

Read More

How to create a MMC Snap-In for troubleshooting certificates.

Microsoft Management Console (MMC) is the management console that is used to configure, manipulate, create, and fix services on a windows system in the back end that you probably wont be able to do with any front end application. It is used heavily to troubleshoot matters related to SSL certificates on Windows systems. Open up a MMC snap in by performing the instructions below. Step 1:  Create an MMC Snap-in for Managing Certificates on a Windows server system: Start > run > MMC. Go into the Console Tab > File > Add/Remove Snap-in. Click on Add > Click on Certificates and click on Add. Choose Computer Account > Next. Note: When troubleshooting browser certificates such as client certificates, email signing certificates, CodeSigning, etc.. you will choose […]

Read More