SSL Certificate issue

mathew_kosta · September 9, 2020, 8:19pm

I have followed article "Request an SSL certificate for Wowza Streaming Engine from a certificate authority" to create KeyStore, then created CSR successfully. While I have an issue importing certificate to keystore. When I run command

keytool -import-alias wowzaprivatekey -trustcacerts -file wowza_mydomain_com.crt -keystore wowza.mydomain.com.jks

I got error

keytool error: java.lang.Exception: Failed to establish chain from reply

info for cert when run command

openssl x509 -in wowza_mydomain_com.crt -text

Certificate: Data: Version: 3 (0x2) Serial Number: e1:0e:31:fa:57:80:82:4e:71:91:59:6a:6b:df:bf:b9 Signature Algorithm: sha256WithRSAEncryption Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA D idation Secure Server CA Validity Not Before: May 25 00:00:00 2019 GMT Not After : Aug 23 23:59:59 2019 GMT Subject: OU=Domain Control Validated, OU=Free SSL, CN=wowza.mydomain.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:95:32:32:09:bf:e5:4f:80:03:14:ae:13:b7:95: cf:73:4f:d7:12:d3:8c:a1:81:72:a9:1e:dc:97:ba: 5d:05:9b:c2:0c:72:e9:28:2a:2f:d4:6f:94:d5:25: 4b:91:74:2e:af:47:cc:64:4f:ef:7f:a8:db:64:1f: b4:8d:f6:cf:c1:af:62:2d:00:31:e8:33:24:76:fa: 76:b5:d0:82:51:df:7c:4c:f7:c0:54:0c:ab:3c:57: 79:14:46:52:7c:f3:c5:3f:62:6d:9f:ec:13:e1:84: 69:d6:de:14:35:b8:9b:ee:e6:50:2e:9c:18:d2:c7: 56:2c:10:f8:30:c4:c0:4b:a2:85:a0:42:46:f3:82: c7:a2:06:eb:e3:de:50:95:51:97:7d:96:fa:9d:a4: 20:d7:e9:98:83:7c:fb:50:79:ce:44:c5:77:dd:c8: 12:e3:56:13:18:4f:54:99:ef:d5:c3:70:68:b8:86: ab:4c:5f:68:be:27:41:7e:fc:85:cf:1b:9e:74:af: 85:4b:0b:bb:32:8c:f4:24:78:8b:90:39:b7:2f:b9: b8:80:19:35:23:25:e4:92:ea:14:2f:9e:a7:50:e6: c5:ba:d4:18:d7:27:30:a8:06:d2:3e:1b:cf:34:e6: f2:c4:00:62:1e:7a:3d:4b:06:b5:33:ba:34:e0:d9: 15:45 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1 X509v3 Subject Key Identifier: 7A:5B:32:B7:78:A8:7F:85:C5:69:DD:60:A1:F7:01:46:99:EB:7E:47 X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Basic Constraints: critical CA:FALSE X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 Certificate Policies: Policy: 1.3.6.1.4.1.6449.1.2.2.7 CPS: https://sectigo.com/CPS Policy: 2.23.140.1.2.1 Authority Information Access: CA Issuers - URI:http://crt.sectigo.com/SectigoRSADomainValidationSecureSer OCSP - URI:http://ocsp.sectigo.com X509v3 Subject Alternative Name: DNS:wowza.mydomain.com, DNS:www.wowza.mydomain.com 1.3.6.1.4.1.11129.2.4.2: …w…q…#…{G8W. .R…d6…j./…H0F.!..T…cJ…&…6wp…iW.+…!..^…;.g.v…^… .t~…1.3…!..%OBp…^B …75y…{.V…j./…G0E.!..c:B.u.m6… 3…;[$.n.V…3B%… ;p.vQ…D.m…S…?._… . Signature Algorithm: sha256WithRSAEncryption 47:20:80:4a:57:57:a1:45:38:a3:ce:18:2f:2d:a8:19:39:7b: f9:49:3f:7d:10:df:11:18:97:df:5b:f0:a9:24:0d:cc:69:11: 6d:11:3f:27:aa:ad:87:42:9c:32:25:93:4c:9f:65:39:c4:aa: 3b:ed:12:d9:0b:67:54:59:71:0a:1c:b6:96:b1:f0:be:a7:fc: ec:39:29:14:19:ff:15:34:d1:11:bc:28:41:d8:54:a3:83:e6: 71:56:0d:d9:50:b1:93:d9:57:2e:6d:3d:ec:4f:d3:ba:36:31: 42:01:75:9a:2e:85:a5:5d:2c:1e:3d:2f:40:3d:44:66:b1:e0: 22:70:3f:75:a9:ac:3e:2f:54:a7:fe:92:f6:b9:3b:26:fa:17: 33:45:d4:1d:e6:dc:70:a2:40:d1:ac:58:3e:74:3c:e0:f9:dd: 03:40:ac:d6:23:ac:69:d2:c3:d0:51:49:11:31:c7:0f:88:42: 1a:24:a7:e1:42:1f:a0:5c:a8:44:2d:d9:01:57:03:cf:bf:66: 12:1c:f1:34:87:2c:74:c7:79:fe:f7:e2:3c:9f:1c:e8:08:61: 96:98:77:4b:42:c8:07:16:d3:27:3a:95:37:bd:64:80:69:26: a8:df:49:41:53:5a:18:b0:81:15:d8:5a:47:33:41:39:f8:6f: 70:69:bb:66 -----BEGIN CERTIFICATE----- MIIGADCCBOigAwIBAgIRAOEOMfpXgIJOcZFZamvfv7kwDQYJKoZIhvcNAQELBQAw gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD QTAeFw0xOTA1MjUwMDAwMDBaFw0xOTA4MjMyMzU5NTlaMFIxITAfBgNVBAsTGERv bWFpbiBDb250cm9sIFZhbGlkYXRlZDERMA8GA1UECxMIRnJlZSBTU0wxGjAYBgNV BAMTEXN0cmVhbS5hdHZzYXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAlTIyCb/lT4ADFK4Tt5XPc0/XEtOMoYFyqR7cl7pdBZvCDHLpKCov1G+U 1SVLkXQur0fMZE/vf6jbZB+0jfbPwa9iLQAx6DMkdvp2tdCCUd98TPfAVAyrPFd5 FEZSfPPFP2Jtn+wT4YRp1t4UNbib7uZQLpwY0sdWLBD4MMTAS6KFoEJG84LHogbr 495QlVGXfZb6naQg1+mYg3z7UHnORMV33cgS41YTGE9Ume/Vw3BouIarTF9ovidB fvyFzxuedK+FSwu7Moz0JHiLkDm3L7m4gBk1IyXkkuoUL56nUObFutQY1ycwqAbS PhvPNObyxABiHno9Swa1M7o04NkVRQIDAQABo4ICkTCCAo0wHwYDVR0jBBgwFoAU jYxexFStiuF36Zv5mwXhuAGNYeEwHQYDVR0OBBYEFHpbMrd4qH+FxWndYKH3AUaZ 635HMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsG AQUFBwMBBggrBgEFBQcDAjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgIHMCUwIwYI KwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBhAYI KwYBBQUHAQEEeDB2ME8GCCsGAQUFBzAChkNodHRwOi8vY3J0LnNlY3RpZ28uY29t L1NlY3RpZ29SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCMG CCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAzBgNVHREELDAqghFz dHJlYW0uYXR2c2F0LmNvbYIVd3d3LnN0cmVhbS5hdHZzYXQuY29tMIIBBQYKKwYB BAHWeQIEAgSB9gSB8wDxAHcAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e 0YUAAAFq7y/rBAAABAMASDBGAiEAz+j8VKyz+2NKEvHMiiaP/fCUNndwEa2ZAtpp Vy4rkeACIQC8/9DuB16Ii+3I6zsbZ412vOVevLTzqrKIZTZDmOs3awB2AHR+2oMx rTMQkSGcziVPQnDCv/1eQiAIxjc1eeYQe8xWAAABau8v7C4AAAQDAEcwRQIhAP1j OkIUdZJtNrMd8ZQKM+DAO1skwG7aVt7zCTNCJQwuAiA7cOl2UYkE3kSIbdoRU42g P51f8xL0qqqkBdGyzocKHjANBgkqhkiG9w0BAQsFAAOCAQEARyCASldXoUU4o84Y Ly2oGTl7+Uk/fRDfERiX31vwqSQNzGkRbRE/J6qth0KcMiWTTJ9lOcSqO+0S2Qtn VFlxChy2lrHwvqf87DkpFBn/FTTREbwoQdhUo4PmcVYN2VCxk9lXLm097E/TujYx QgF1mi6FpV0sHj0vQD1EZrHgInA/damsPi9Up/6S9rk7JvoXM0XUHebccKJA0axY PnQ84PndA0Cs1iOsadLD0FFJETHHD4hCGiSn4UIfoFyoRC3ZAVcDz79mEhzxNIcs dMd5/vfiPJ8c6Ahhlph3S0LIBxbTJzqVN71kgGkmqN9JQVNaGLCBFdhaRzNBOfhv cGm7Zg== -----END CERTIFICATE-----

Rose_Power-Wowza_Com · September 9, 2020, 9:23pm

Hey there @mathew kosta,

Thank you for contacting Wowza Support regarding importing a certificate into your keystore.

The usual command chain would be something like the following,

keytool -import -alias root -trustcacerts -file example.com.cer -keystore example.com.jks

This looks very much like what you have posted.

If this is failing for you then can you please include a copy of any certificate and keystore files as well as the keystore password and we can see if this is reproducible locally.

You can do this through a support ticket:

https://www.wowza.com/support/open-ticket

Wowza Community

SSL Certificate issue

Popular Video Topics

Video Resources

Partners

Company

Stay Connected

Stay Up to Date with the Blog