Comodo are now issuing certificates with 2048-bit keys and four-part certificate chains - and we have a wildcard certificate, just to complicate matters.
Our old Thawte wildcard certificate (single key, single PEM certificate) imported correctly and worked just fine… but I just cannot get the Comodo certificate to install. The message I’m getting back from import-certificate.jsp is “There was an error one importing private key and signed certificate. Error message: Failed to establish chain from reply”.
I’ve imported all of the parts of the Comodo certificate (‘AddTrust External CA Root’, ‘COMODO Certification Authority’, and ‘COMODO High Assurance Secure Server CA’) into the truststore file with Java 1.6’s ‘keytool’, but when I paste the private key and certificate into Openfire, it returns the above error.
If I paste the entire chain into Openfire, it returns the above error.
I’ve tried clearing out the keystore and truststore, I’ve tried putting all of the keys and certificates (excluding and including the actual private key and our certificate) into both files (which I’m sure is wrong, but I’ve seen it suggested elsewhere…) but no matter what, Openfire can’t work out the chain.
Is the order in which certificates are imported at all significant?
What can I do to fix this - we have a public-facing secure Jabber service with an out-of-date certificate. Any help greatly appreciated!
Thanks in advance,
Stuart
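
On the question of ordering, an added example (not part of the original post, and not Openfire or Comodo code): in a leaf-first PEM bundle, each certificate's issuer must be the subject of the certificate that follows it. The script assumes the `openssl` command-line tool is installed; it builds a constructed root, intermediate and leaf chain, and the function names and file names are made up for the demo.

```bash
#!/usr/bin/env bash
# Added example; every subject name and file here is constructed for the demo.

# Create a throwaway root -> intermediate -> leaf chain (2048-bit RSA) in dir $1.
make_demo_chain() {
  local d=$1 n
  for n in root inter leaf; do
    openssl req -newkey rsa:2048 -nodes -keyout "$d/$n.key" \
      -subj "/CN=Demo $n" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  printf 'basicConstraints=CA:TRUE\n' > "$d/ca.ext"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 1 -out "$d/root.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -extfile "$d/ca.ext" -days 1 -out "$d/inter.pem" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -set_serial 3 -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# Return 0 if the PEM bundle $1 is ordered so that each certificate's issuer
# equals the subject of the certificate that follows it; report breaks otherwise.
# This compares names only; it does not verify signatures or trust.
chain_ok() {
  local dir i=1 rc=0 iss sub
  dir=$(mktemp -d)
  # Split the bundle into one file per certificate: c1.pem, c2.pem, ...
  awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (d "/c" n ".pem")}' "$1"
  while [ -f "$dir/c$((i+1)).pem" ]; do
    iss=$(openssl x509 -in "$dir/c$i.pem" -noout -issuer -nameopt RFC2253)
    sub=$(openssl x509 -in "$dir/c$((i+1)).pem" -noout -subject -nameopt RFC2253)
    if [ "${iss#issuer=}" != "${sub#subject=}" ]; then
      echo "link broken after certificate $i: ${iss#issuer=} is not ${sub#subject=}"
      rc=1
    fi
    i=$((i+1))
  done
  rm -rf "$dir"
  return $rc
}

demo=$(mktemp -d)
make_demo_chain "$demo"
cat "$demo/leaf.pem" "$demo/inter.pem" "$demo/root.pem" > "$demo/ordered.pem"
cat "$demo/leaf.pem" "$demo/root.pem" "$demo/inter.pem" > "$demo/shuffled.pem"
chain_ok "$demo/ordered.pem" && echo "ordered.pem: chain links up"
chain_ok "$demo/shuffled.pem" || echo "shuffled.pem: chain does not link up"
```

Running `chain_ok` on the exact bundle being pasted shows which link, if any, fails to join before the import is attempted.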