Hello,

OpenSSL 3 changed the default ciphers used to protect the private keys and certificates when creating a PKCS#12, to use something less aging.
Try adding a "-legacy" when creating the PKCS#12 file with OpenSSL3 and see if keytool can read it.

On Thu, May 19, 2022 at 11:53 AM Djordje Gavrilovic <gavrilovic...@gmail.com> wrote:

> Hi guys,
> I have the following issue with migrating from version 1.1.1f to 3.0.2:
>
> I generate the bmstore.pkcs12.pem file with the following commands:
>
> ```
> openssl req -newkey rsa:2048 -sha1 -keyout bmstore.pkcs8.pem -nodes -x509 -days 999 -out bmstore.x509.crt -subj "/C=DE/ST=Nsk/L=Nsk/O=BM/OU=BM/CN=AS"
> openssl pkcs12 -export -in bmstore.x509.crt -inkey bmstore.pkcs8.pem -out bmstore.pkcs12.pem -passin pass:changeit -passout pass:changeit
> ```
>
> This file is generated differently by different openssl versions. Both
> versions of the file are attached.
>
> Based on that file I generate:
>
> ```
> keytool -importkeystore -srckeystore bmstore.pkcs12.pem -srcstoretype PKCS12 -srcstorepass changeit -destkeystore bmstore.pkcs8.x509.jks -deststorepass changeit
> ```
>
> But keytool works only with the bmstore.pkcs12.pem generated with the old
> version of openssl and creates bmstore.pkcs8.x509.jks
>
> The current version of openssl generates bmstore.pkcs12.pem in another
> format and keytool throws an exception:
>
> ```
> Importing keystore bmstore.pkcs12.pem to bmstore.pkcs8.x509.jks...
> keytool error: java.io.IOException: keystore password was incorrect
> ```

--
Regards,
Erwann Abalea.
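
An added example, not part of the original thread: a small shell filter that reads the text printed by `openssl pkcs12 -info -noout` and reports whether a PKCS#12 file was protected with the older algorithms or with the OpenSSL 3 defaults, which makes the difference between the two attached files visible. The function names are hypothetical and both sample inputs are constructed to follow that command's output layout.

```shell
#!/bin/sh
# Added example: classify the protection used inside a PKCS#12 file from the
# text printed by:
#   openssl pkcs12 -info -noout -in FILE -passin pass:PASSWORD 2>&1
# Function names are hypothetical; both samples below are constructed.

classify_p12_info() {
    awk '
        /^MAC: /                  { mac  = $2 }   # MAC digest
        /^PKCS7 Encrypted data: / { cert = $4 }   # certificate bag encryption
        /^Shrouded Keybag: /      { key  = $3 }   # private key encryption
        END {
            gsub(/,/, "", mac); gsub(/,/, "", cert); gsub(/,/, "", key)
            if (cert ~ /^pbeWith/ || key ~ /^pbeWith/ || mac == "sha1")
                profile = "legacy"      # pre-3.0 style PKCS#12 PBE or SHA-1 MAC
            else if (cert == "PBES2" && key == "PBES2")
                profile = "pbes2"       # OpenSSL 3 defaults
            else
                profile = "unknown"     # nothing parsed, e.g. wrong password
            printf "mac=%s cert=%s key=%s profile=%s\n", mac, cert, key, profile
        }'
}

# Constructed sample: layout of a file written by 1.1.1 (or 3.x with -legacy).
sample_legacy() { cat <<'EOF'
MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
EOF
}

# Constructed sample: layout of a file written with the OpenSSL 3 defaults.
sample_default() { cat <<'EOF'
MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
EOF
}

echo "legacy : $(sample_legacy | classify_p12_info)"
echo "default: $(sample_default | classify_p12_info)"
```

On a real file, pipe the `openssl pkcs12 -info -noout` command shown in the header comment into `classify_p12_info` instead of a sample.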