- BlackBerry® Enterprise Server 5.0
When following the steps to load a custom certificate into the web.keystore file for use by the BlackBerry Administration Service per KB12887 and KB20759, the following error may be displayed when attempting to load the custom certificate reply file (BASCert.cer):
keytool error: java.lang.Exception: Failed to establish chain from reply
The CACert.cer file that was generated by the Certificate Authority Server is not a root certificate, but only an intermediate certificate. The BlackBerry Administration Service certificate (BAScert.cer file from the other KB articles) will not load due to a trust issue.
The root certificate from the Certificate Authority Server needs to be obtained and imported separately.
To extract the Root Certificate:
- Open the CAcert.cer file by double-clicking it.
- Click on the Certification Path tab.
- Click on the top-level (root) certificate reference, then click View Certificate.
- Click on the Details tab.
- Click the Copy to File... button to open the Certificate Export Wizard.
- Click Next.
- Select DER encoded binary X.509 (.CER) and click Next.
Browse to a folder and select a name for this certificate, for example C:\CARootCert.cer. Click Save.
If performing this on Windows 2008 Server, C:\ might not be accessible. Select a folder that allows write permissions (C:\Users\username).
- Click Next.
- Click Finish to write the certificate file and close the wizard.
- Click OK to close each Certificate window.
To load the Root Certificate into the web.keystore file:
keytool -import -alias rootcert -keystore "C:\Program Files\Research In Motion\BlackBerry Enterprise Server\BAS\bin\web.keystore" -file "C:\CARootCert.cer"
Once the Root Certificate has been loaded into the web.keystore file, the BASCert.cer file will load without incident.
By downloading, accessing or otherwise using the Knowledge Base documents you agree:
(b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.
Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.