Sunday, June 23, 2013

Installing Godady SSL Certificate keytool error: java.lang.Exception: Failed to establish chain from reply - fixed

Problem: keytool error: java.lang.Exception: Failed to establish chain from reply 

error while importing Godaddy SSL certificate into the keystore file

Server: Tomcat 7

Solution: Make sure all the certificates from the chain are imported into the keystore. You 

can identify the certificates from the chain by opening the certificate received from the 

CA. Double click the file and go to the certification path tab. You should be able to get 

the path chain from there. Check 

in order to obtain the individual certificates.


1) Open the certificate issued by Godaddy, which is named after your domain name

2) The chain is that you need to install "Go Daddy Root Certificate Authority - G2" root 

certificate & then "Go Daddy Secure Certificate Authority - G2" intermediate certificate 

and then finally install "" certificate.

3) The Question where do we find the first two certificates. Go to, check for the above two certificates as in below image

4) You need to follow the following command line instructions to install the standard 

certificate issued by Go Daddy with the files (or) procedure mentioned above.

keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gdroot-g2.crt

keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gdig2.crt

keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file

The above process completely resolved the Chain exception and was able to install the SSL certificate into tomcat successfully.


  1. How are you getting the file? I understand you can just download the gdroot-g2.crt from But how do you get the text file for your own personal certificate to import into keytool? I tried downloading the PEM file from my account, but I still get the "Incomplete certificate chain in reply" error. The documentation on GoDaddy's site just skips the details on this step (

  2. I have changed it to while writing this blog as I don't want to disclose for which website I was setting up the SSL certificate.

    The steps that you need to follow is open the certificate issued by GoDady and then see the certification path and then use keytool to import the certificates

  3. Thanks, we were working on this problema for the whole day and finally it worked thanks for your help.


  4. Bluehost is ultimately one of the best website hosting company with plans for all of your hosting requirments.