[EXTERNAL] Keytool issue with version 3.0.2.
erwann.abalea at docusign.com
Thu May 19 10:13:32 UTC 2022
OpenSSL 3 changed the default ciphers used to protect the private keys and
certificates when creating a PKCS#12, to use something less aging.
Try adding a "-legacy" when creating the PKCS#12 file with OpenSSL3 and see
if keytool can read it.
On Thu, May 19, 2022 at 11:53 AM Djordje Gavrilovic <gavrilovicmdj at gmail.com>
> Hi guys,
> I have a following issue with migrating from version 1.1.1f to 3.0.2:
> I generate bmstore.pkcs12.pem file with the following commands:
> openssl req -newkey rsa:2048 -sha1 -keyout bmstore.pkcs8.pem -nodes
> -x509 -days 999 -out bmstore.x509.crt -subj
> openssl pkcs12 -export -in bmstore.x509.crt -inkey bmstore.pkcs8.pem
> -out bmstore.pkcs12.pem -passin pass:changeit -passout pass:changeit
> This file is genearted with different openssl versions differently. Both
> versions of the file are attached.
> Based on that file I generate:
> keytool -importkeystore -srckeystore bmstore.pkcs12.pem -srcstoretype
> PKCS12 -srcstorepass changeit -destkeystore bmstore.pkcs8.x509.jks
> -deststorepass changeit
> But keytool works only with the bmstore.pkcs12.pem generated with old
> version of openssl and creates bmstore.pkcs8.x509.jks
> The current version of openssl generates bmstore.pkcs12.pem in another
> format and keytool throws an exception:
> Importing keystore bmstore.pkcs12.pem to bmstore.pkcs8.x509.jks...
> keytool error: java.io.IOException: keystore password was incorrect
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users