I installed java 8 and it seems to work there on the latest versions as well java -versionopenjdk version "1.8.0_312"OpenJDK Runtime Environment (build 1.8.0_312-8u312-b07-0ubuntu1~20.04-b07)OpenJDK 64-Bit Server VM (build 25.312-b07, mixed mode)
On Thu, 2022-05-19 at 16:02 +0200, Djordje Gavrilovic wrote: > Thank you both for your answers! So much! Both of them very > helpful. We are stuck with openjdk8 right now...but it is good > to > know that later versions will work as expected. > > Thank you guys > > > On 19.5.22. 15:41, Mark Hack wrote: > > > > > > > Works for me and since the later versions of java accept both > > JKS and PKCS12 you do not have to specify the input store > > type. > > > > > > > > > > > > > > java --version > > openjdk 11.0.15 2022-04-19 > > OpenJDK Runtime Environment (build > > 11.0.15+10-Ubuntu-0ubuntu0.20.04.1) > > OpenJDK 64-Bit Server VM (build > > 11.0.15+10-Ubuntu-0ubuntu0.20.04.1, mixed mode, sharing) > > > > > > > > > > > > > > keytool -importkeystore -srckeystore > > bmstore.pkcs12.pem -srcstorepass changeit -destkeystore > > bmstore.pkcs8.x509.jks -deststorepass changeit > > Importing keystore bmstore.pkcs12.pem to > > bmstore.pkcs8.x509.jks... > > Entry for alias 1 successfully imported. > > Import command completed: 1 entries successfully imported, 0 > > entries failed or cancelled > > > > > > > > Warning: > > <1> uses the SHA1withRSA signature algorithm which is > > considered a security risk. This algorithm will be disabled > > in a > > future update. > > > > > > > > > > > > > > Mark Hack > > > > > > > > > > > > > > On Thu, 2022-05-19 at 12:13 +0200, Erwann Abalea via > > openssl-users wrote: > > > > > > > > Bonjour, > > > > > > > > > > > > OpenSSL 3 changed the default ciphers used to protect > > > the > > > private keys and certificates when creating a PKCS#12, > > > to use > > > something less aging. > > > > > > > > > > > > Try adding a "-legacy" when creating the PKCS#12 file > > > with OpenSSL3 and see if keytool can read it. > > > > > > > > > > > > > > > > > > > > > > > > On Thu, May 19, 2022 at > > > 11:53 AM Djordje Gavrilovic <gavrilovic...@gmail.com> > > > wrote: > > > > > > > > > > > > > Hi guys, > > > > > > > > I have a following issue with migrating from > > > > version 1.1.1f > > > > to 3.0.2: > > > > > > > > > > > > > > > > I generate bmstore.pkcs12.pem file with the > > > > following > > > > commands: > > > > > > > > > > > > > > > > ``` > > > > > > > > > > > > > > > > openssl req -newkey rsa:2048 -sha1 -keyout > > > > bmstore.pkcs8.pem > > > > -nodes > > > > > > > > -x509 -days 999 -out bmstore.x509.crt -subj > > > > > > > > "/C=DE/ST=Nsk/L=Nsk/O=BM/OU=BM/CN=AS" > > > > > > > > openssl pkcs12 -export -in bmstore.x509.crt -inkey > > > > bmstore.pkcs8.pem > > > > > > > > -out bmstore.pkcs12.pem -passin pass:changeit > > > > -passout > > > > pass:changeit > > > > > > > > ``` > > > > > > > > > > > > > > > > This file is genearted with different openssl > > > > versions > > > > differently. Both > > > > > > > > versions of the file are attached. > > > > > > > > > > > > > > > > Based on that file I generate: > > > > > > > > > > > > > > > > ``` > > > > > > > > keytool -importkeystore -srckeystore > > > > bmstore.pkcs12.pem > > > > -srcstoretype > > > > > > > > PKCS12 -srcstorepass changeit -destkeystore > > > > bmstore.pkcs8.x509.jks > > > > > > > > -deststorepass changeit > > > > > > > > ``` > > > > > > > > > > > > > > > > But keytool works only with the bmstore.pkcs12.pem > > > > generated > > > > with old > > > > > > > > version of openssl and creates > > > > bmstore.pkcs8.x509.jks > > > > > > > > > > > > > > > > The current version of openssl generates > > > > bmstore.pkcs12.pem > > > > in another > > > > > > > > format and keytool throws an exception: > > > > > > > > > > > > > > > > ``` > > > > > > > > Importing keystore bmstore.pkcs12.pem to > > > > bmstore.pkcs8.x509.jks... > > > > > > > > keytool error: java.io.IOException: keystore > > > > password was > > > > incorrect > > > > > > > > > > > > > > > > ``` > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
