Keytool error: java.lang.Exception: Failed to establish chain from reply
Keytool error: java.lang.Exception: Input not an X.509 certificate
This error message occurs for one of the following reasons:
In order to resolve this error, perform the following steps:
Method 1: Incorrect Keystore or Alias name
During the private key and public key (Certificate Signing Request) generation, a Keystore name and Alias name is specified. To import the certificate successfully, the exact same Keystore Name and Alias name must also be specified.
In the following example syntax Training is set as the alias while generating the key:
Keytool -genkey -alias Training -keyalg RSA -keystore C:\java_training\training.keystore (Creates a keystore called training.keystore and a alias called Training)
To determine the alias used by the private key in the keystore, use the following command:
keytool -list <keystore_file_name>
Method 2: Incorrectly formatted certificate
Download the certificate in standard format and copy it to notepad including "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines. save it as cert.cer.
Note: Keep the five dashes before and after the 'Begin' and 'End' line statements.
Try to import this DER encoded certificate file into the keystore.