java - link between private key and signed certificate in keystore

Question

I am doing the jetty SSL configuration.

I have created CSR using keytool which has added a private key to the keystore,

Received the certificate based on the CSR, converted the certificate to DER format and imported the certificate into the keystore as trustcacerts

The signed certificate has the root/intermediate certificates in the certificate path

I also installed the root and intermediate certificate in the IE under the trusted root certificate after converting it into DER format.

while using https , the browser shows certificate error and considers the certificate as self signed certificate.

Question

Does this mean the the installed signed certificate is not considered since the certificate does not have the Root/intermediate certificate in the certificate path?

Though the signed certificate received from the CA have the link to the root/intermediate certificate in the certificate path.

Please suggest if anything is wrong in the process . Adding the keytool commands followed for this.

Created keystore

keytool -keystore serverdns.keystore -alias server -genkey -keyalg RSA -keysize 2048

create CSR

keytool -certreq -alias server -keystore serverdns.keystore -file server.csr

installing signed certificate

keytool -import -trustcacerts -alias cert -keystore serverdns.keystore -file signedcert.der.cer

I have tried using the same alias 'server' while installing the signed certificate but it failed with the error

keytool error: java.lang.Exception: Failed to establish chain from reply

Answer 1

You need to import the signed certificate using the same alias as the private key and the CSR. Otherwise there is no connection between them, and the new certificate is just another certificate. You should not use -trustcacerts for this step, and if you are asked whether to trust the certificate you've got the alias wrong.