Problem: "keytool error: java.lang.Exception: Failed to establish chain from reply"
while importing a Go Daddy SSL certificate into the keystore file
Server: Tomcat 7
Solution: Make sure all the certificates from the chain are imported into the keystore.
keytool raises this error when it cannot build a chain from the CA's reply up to a
trusted root that is already in the keystore. You can identify the certificates in the
chain by opening the certificate received from the CA: double-click the file and go to
the Certification Path tab, which shows the chain. The individual certificates can be
obtained from https://certs.godaddy.com/anonymous/repository.pki.
1) Open the certificate issued by Go Daddy, which is named after your domain name.
2) The chain gives the order of installation: first the "Go Daddy Root Certificate
Authority - G2" root certificate, then the "Go Daddy Secure Certificate Authority - G2"
intermediate certificate, and finally the "test.co.in" certificate.
3) The question is where to find the first two certificates. Go to https://certs.godaddy.com/anonymous/repository.pki and look for the two certificates named above.
4) Run the following commands, in this order, to install the standard certificate
issued by Go Daddy using the files obtained above:
keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gdroot-g2.crt
keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gdig2.crt
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file test.co.in
The above process completely resolved the chain exception, and I was able to install the SSL certificate into Tomcat successfully.
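
To confirm that the keystore now holds the full chain under the "tomcat" alias, the output of keytool -list -v can be checked link by link. The script below is an added example, not part of the original post: check_chain and sample_listing are hypothetical helper names, and the sample listing is constructed, with the distinguished names shortened.

```shell
#!/bin/sh
# Added example: read `keytool -list -v` output for ONE alias on stdin and
# confirm the stored chain links leaf -> intermediate -> self-signed root.
# Usage (keystore and alias names as used in the post):
#   keytool -list -v -keystore tomcat.keystore -alias tomcat | check_chain
check_chain() {
    awk '
        /^Certificate chain length:/ { declared = $NF + 0 }
        /^Certificate\[[0-9]+\]:/    { n++ }
        n && /^Owner: /              { owner[n]  = substr($0, 8) }
        n && /^Issuer: /             { issuer[n] = substr($0, 9) }
        END {
            # A chain of 1 means the key pair is still self-signed (no CA reply).
            if (n < 2 || declared != n) {
                print "FAIL: need a chain of 2 or more certificates, found " (n + 0)
                exit 1
            }
            for (i = 1; i < n; i++)
                if (issuer[i] == "" || issuer[i] != owner[i + 1]) {
                    print "FAIL: Certificate[" i "] was not issued by Certificate[" (i + 1) "]"
                    bad = 1
                }
            if (issuer[n] != owner[n]) {
                print "FAIL: chain does not end in a self-signed root"
                bad = 1
            }
            if (!bad) print "OK: chain of " n " certificates ends in a self-signed root"
            exit bad + 0
        }
    '
}

# Constructed sample of the listing after a successful import (DNs shortened).
sample_listing() {
    cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=test.co.in
Issuer: CN=Go Daddy Secure Certificate Authority - G2
Certificate[2]:
Owner: CN=Go Daddy Secure Certificate Authority - G2
Issuer: CN=Go Daddy Root Certificate Authority - G2
Certificate[3]:
Owner: CN=Go Daddy Root Certificate Authority - G2
Issuer: CN=Go Daddy Root Certificate Authority - G2
EOF
}

sample_listing | check_chain
```

A chain length of 1 for the alias means Tomcat would still serve the self-signed certificate generated with the key pair, so the check treats that as a failure.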