Crashplan Pro Server – SSL Error Fix

One of my clients runs their own Crashplan Pro server and needed help installing their SSL cert.  I came across an error and thought I would post the fix here.  Keep in mind that I’m using GoDaddy for the SSL but the error we’ll get is related to the Java Development Kit (JDK) install on the server.

First, Crashplan’s SSL setup tutorial lists the commands to generate a key and your CSR.  Let’s generate the key first:

  • keytool -genkey -keystore keys.jks -alias tomcat -keypass tomcat -keysize 2048 -keyalg RSA -storepass tomcat

I have changed the key size to be 2048 – GoDaddy requires this.  Crashplan’s command originally sets the key size to be 1024.  Next, generate your CSR:

  • keytool -certreq -v -keystore keys.jks -alias tomcat -keypass tomcat -file test.csr -storepass tomcat

Send that CSR to your CA (GoDaddy, etc.) to generate and download your cert.  Next, the error.  Crashplan says to install the cert:

  • keytool -import -keystore keys.jks -alias tomcat -file -trustcacerts -storepass tomcat -keypass tomcat

…and we get this: “Error: java.lang.exception: failed to establish chain from reply”

In a perfect world, the “-trustcacerts” should have overridden the security check and installed the cert.  Alas, it did not.  I did verify that GoDaddy was listed in my /cacerts for JKE but it still didn’t install the cert correctly.  To fix this, you need to install the intermediate cert that you should have received from your CA:

  • keytool -import -trustcacerts -alias root -keystore keys.jks -file gd_intermediate.crt -storepass tomcat

Keep the -alias as “root” – don’t change it to tomcat to match Crashplan’s previous instructions or it won’t work.  You should receive a message stating that your intermediate cert has bee installed successfully.  Now, go back and run the import again for your SSL:

  • keytool -import -keystore keys.jks -alias tomcat -file -trustcacerts -storepass tomcat -keypass tomcat

That should successfully install your SSL.  Once that’s done, you can continue your Crashplan SSL setup.  Good luck!