Keytool issue with version 3.0.2

Djordje Gavrilovic gavrilovicmdj at
Thu May 19 09:52:24 UTC 2022

Hi guys,
I have a following issue with migrating from version 1.1.1f to 3.0.2:

I generate bmstore.pkcs12.pem file with the following commands:


openssl req -newkey rsa:2048 -sha1 -keyout bmstore.pkcs8.pem -nodes 
-x509 -days 999 -out bmstore.x509.crt -subj 
openssl pkcs12 -export -in bmstore.x509.crt -inkey bmstore.pkcs8.pem 
-out bmstore.pkcs12.pem -passin pass:changeit -passout pass:changeit

This file is genearted with different openssl versions differently. Both 
versions of the file are attached.

Based on that file I generate:

keytool -importkeystore -srckeystore bmstore.pkcs12.pem -srcstoretype 
PKCS12 -srcstorepass changeit -destkeystore bmstore.pkcs8.x509.jks 
-deststorepass changeit

But keytool works only with the bmstore.pkcs12.pem generated with old 
version of openssl and creates bmstore.pkcs8.x509.jks

The current version of openssl generates bmstore.pkcs12.pem in another 
format and keytool throws an exception:

Importing keystore bmstore.pkcs12.pem to bmstore.pkcs8.x509.jks...
keytool error: keystore password was incorrect

-------------- next part --------------
A non-text attachment was scrubbed...
Type: application/zip
Size: 5825 bytes
Desc: not available
URL: <>

More information about the openssl-users mailing list