Ok, I believe I understand. I have gotten my maxsource.maxor.com.csr ( I believe this is generated by the keytool ) and I have maxsource.maxor.com.cer ( generated key from https://www.thawte.com/cgi/server/test.exe ) When I try to install the .cer file, I get the listed error. _________________ Steve S. Gee Jr. Certified Java Programmer Maxor National Pharmacies Information Technologies [EMAIL PROTECTED] 806.324.5540 www.maxor.com 806.324.5400 ariel.arambur [EMAIL PROTECTED] To: <[EMAIL PROTECTED]> (Ariel cc: Aramburu) Subject: Re: SSL -- Another errror, but getting closer 04/17/00 08:35 AM Please respond to "Ariel" I can tell you what the error, means, but I do not know if I can help you fix it. :-) "Failed to establish chain from reply" I guess that you are trying to install a certificate for your server. But all certificates must have a root certificate from a certification authority (CA cert). This is called a chain. Here in Sweden I buy my certificates from a company who in its turn, buy the rights from Verisign. So I have a chain of three certificates: my own, the CA for the company who sold me my certificate, and the CA for Verisign, that certifies the company I buy from. That is the chain. There needs to be always a root certificate. To install in keytool a certificate, you need first to install the CA cert, that it, the certificate of the entity who sold you your certificate. If I get from the internet a verisign certificate for my server, I need to install first the Verisign CA cert before I try to install in keytool my own verisign certificate. In the case of keytool, the default keytool database that comes with java ( in the jdk directory) includes 3 or 4 defaults CA, so you might succedd with verisign, but the general rule is install first the certificate, which is public, for the authority who gave you your own certificate before installing yours. Is that clear ? Did it help ? ----- Original Message ----- From: <[EMAIL PROTECTED]> To: Orion-Interest <[EMAIL PROTECTED]> Sent: den 17 april 2000 15:12 Subject: SSL -- Another errror, but getting closer > > Thanks for the help thus far, I am getting closer. > > When I enter the command: > keytool -keystore keystore -keyalg "RSA" -import -trustcacerts -file > my.host.com.cer > > I get this error: > keytool error: Failed to establish chain from reply > > > > Orion Team, > Once I get SSL up and running, I will submit to you a modified HOWTO file > generated from all of the help files I recieved from here*. Your server > has failed to let me down this far, and I would like to make this small > contribution. > > *to include the names of those who offered the help. > _________________ > Steve S. Gee Jr. > Certified Java Programmer > Maxor National Pharmacies > Information Technologies > > [EMAIL PROTECTED] > 806.324.5540 > www.maxor.com > 806.324.5400 > > > > "Brian Cunningham" > <brian.cunningham@big To: <[EMAIL PROTECTED]> > words.com> cc: > Subject: FW: SSL Problems > 04/11/00 02:33 PM > > > > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Magnus Stenman > Sent: Friday, March 10, 2000 5:29 AM > To: Orion-Interest > Subject: Re: SSL Problems > > > The first thing I'd suspect is that your orion.jar cannot find the > jnet/jcert/jsse jars > for some reason. This can be due to having orion.jar in jre/lib/ext and > similar issues. > Can you find the javax.net.ServerSocketFactory class in application > (servlet/JSP etc) > code? > > /Magnus Stenman, the Orion team > > ----- Original Message ----- > From: "Andre Vanha" <[EMAIL PROTECTED]> > To: "Orion-Interest" <[EMAIL PROTECTED]> > Sent: Wednesday, March 08, 2000 6:26 AM > Subject: SSL Problems > > > > Hello, > > I've tried to follow the ssl-howto but I can't get orion to start my > secure > > site. > > I'm hoping someone who has gotten ssl to work can give some insights. > > > > I've tried this on both orion 0.9.4 and 0.9.4j but the results are the > same. > > > > Here are the steps I took to work through the howto: > > > > Just like the howto said, I generated my RSA key and created a > certificate > > request. > > In order to generate the RSA key, I installed the default JSSE provider > > (com.sun.net.ssl.internal.ssl.Provider in jsse.jar) that came with the > orion > > distribution, into my java.security configuration file. I posted my > > certificate request to thawte's test certificate generator and created a > > certificate with the default options (Test X509v3 SSL Cert). > > When I tired to import my new certificate, keytool gave me an error, > > something along the lines that it couldn't create the certificate chain, > so > > I imported thawte's Root Test CA certificate into my Keystore. With the > CA > > certificate in place, I was able to > > import my certificate without further problems. > > The problem occurs when I try to secure one of orion's websites with this > > ssl configuration: > > <ssl-config keystore="E:\WA\ssl\WAKeyStore" keystore-password ="123123123" > > needs-client-auth="false" /> > > Orion always fails to start up the secure site with this error: > > Error starting HttpServer: Unable to intialize SSLServerSocketFactory > > 'com.everm > > ind.ssl.JSSESSLServerSocketFactory': javax/net/ServerSocketFactory > > > > I've tried different web sites and ports. One thing that came to mind was > > matching the key alias to the site hostname parameter but that doesn't > work > > either. > > What am I missing? Did I use the wrong RSA key generation provider or > the > > wrong kind of SSL certificate? > > > > Any help would be greatly appreciated. > > > > Thanks, > > Andre V > > > > > > > > > > >