Starfield Root certificate not recognized by java 7 keytool

Document ID : KB000094234
Last Modified Date : 19/06/2018
Show Technical Document Details
Issue:
While running the java keytool to import the root and intermediate certificate into the wasp keystore, we get the error:
keytool error: java.lang.Exception: Failed to establish chain from reply 
Environment:
UIM 8.4
jre7
Cause:
jre7 does not have the updated certificate chain from the Starfield certificate authority
Resolution:
Use JRE jre-7u79\bin\keytool to import the certificate chain into the wasp keystore.
Specifically call out the keytool in that folder when using the command, and do not use the keytool in the %PATH%/$PATH.
For example:
C:\Java\jre\jre-7u79\bin\keytool -import -trustcacerts -alias wasp -file fileName.crt -keystore wasp.keystore
The jre7 that shipped with 8.47 would not work with the certs even after importing the chain into cacerts. The certificate is now working.