Solving keytool error: Failed to establish chain from reply

There are two possible causes for this error:

1. No root certificate for Keytool to chain to.

Keytool relies on a root certificates in order to install the certificate.

2. Error occurs because the JDK keystore is very particular about the format of the Certificate.

This error is related to the format the certificate has been downloaded in.


Please make sure you download the (default) PKCS#7 format certificate and import this into your keystore. JDK prefers this format, which contains a complete certificate chain and which includes your certificate, as well as the signers certificate (Root CA certificate).

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

What does the Warranty actually mean?

We believe it is important to protect the end user. If we were to issue a certificate in error to...

Why does the secure part of the website say the name on the security certificate is invalid or does not match the name of the site?

There are a few possible reasons for this:1) The certificate has a Common Name (CN) of...

The CSR cannot be decoded or is invalid

CSR is possibly missing one or more required fields.The CSR must contain a minimum of the...

I have accidentally deleted or lost my Private Key

First check your backups and see if you can re-install the "private key". If you don't know how...

I have changed my server, or moved to a different provider, how do I move the certificate?

If you are moving servers or providers, you will need to get the certificate and private key from...