Cloudlflare origin certificate on Tomcat

Hello Everyone,
I hope someone can help.
I used the following command to generate my CSR file and JKS keystore.

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore star_my_domain.jks -dname “CN=*.mydomain.com,OU=Operations,O=My compay, L=City, ST=CS, C=IT” && keytool -certreq -alias server -file star_my_domain.csr -keystore star_my_domain.jks

Then I copied and pasted the content of the CSR file into the Cloudflare form that generates an origin certificate.

Everything went well and I saved Cloudflare certificate in the file cloudflare_certificate.p7b

Then I tried to impor the Cloudflare certificate into my keystore with the following command:

keytool -import -alias server -file cloudflare_certificate.p7b -keystore star_my_domain.jks

At this point I receive the following message:

keytool error: java.lang.Exception: Failed to establish chain from reply

Am I missing anything? I searched over the internet for a solution without no luck.

Thank you

It might need the Root CA cert as well:
https://developers.cloudflare.com/ssl/origin-configuration/origin-ca#4-required-for-some-add-cloudflare-origin-ca-root-certificates

Thank you very much for your promt answer. I downloaded the ROOT certificate but I am not sure how to import both the ROOT certificate and the origin certificate. I tried first one and second the other receiving different errors, then I inverted the order, no luck, then I copied both certificate into a single file making sure that thh BEGIN and END section were there for both files, but no lack. A simple example would help.
Thanks a lot

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.