Unable to import Comodo certificate-chain into Openfire-3.6.4

Comodo are now issuing certificates with 2048-bit keys and four-part certificate chains - and we have a wildcard certificate, just to complicate matters.

Our old Thawte wildcard certificate (single key, single PEM certificate) imported correctly and worked just fine… but I just cannot get the Comodo certificate to install. The message I’m getting back from import-certificate.jsp is “There was an error one importing private key and signed certificate. Error message: Failed to establish chain from reply”.

I’ve imported all of the parts of the Comodo certificate (‘AddTrust External CA Root’, ‘COMODO Certification Authority’, and ‘COMODO High Assurance Secure Server CA’) into the truststore file with Java 1.6’s ‘keytool’, but when I paste the private key and certificate into Openfire, it returns the above error.

If I paste the entire chain into Openfire, it returns the above error.

I’ve tried clearing out the keystore and truststore, I’ve tried putting all of the keys and certificates (excluding and including the actual private key and our certificate) into both files (which I’m sure is wrong, but I’ve seen it suggested elsewhere…) but no matter what, Openfire can’t work out the chain.

Is the order in which certificates are imported at all significant?

What can I do to fix this - we have a public-facing secure Jabber service with an out-of-date certificate. Any help greatly appreciated!

Thanks in advance,

Stuart

Sorry to resurrect an old post… but this sounds exactly like the problem I’m now facing. Openfire 3.7.1 just will not take the Comodo 2048 RSA cert. First I generated the CSR and used Comodo’s interface to input it. They spit out several .crt files after verification. I open up the .crt and copy and paste the code into the Certificate Authority Reply box. Does not work.

So I tried various guides on manually importing via keytool. Nothing works.

Anyone else able to resolve this or at least have similar difficulty?

For anyone finding this thread via search/Google, here is your answer:

http://community.igniterealtime.org/docs/DOC-2208