6

Try as I might, I can't figure out how to use a .p12 file without a password in Java. I've tried setting javax.net.ssl.keyStorePassword to "" but whatever I do I get the following SSL error:

HTTP transport error: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

All my googling would suggest that the Sun implementation will not allow an empty password, and of course keytool won't let you import any certificate without a password for the store.

Karl Nicoll
Ginger Spen
  • possible duplicate of [Sun Java KeyManagerFactory and null passwords](http://stackoverflow.com/questions/1814048/sun-java-keymanagerfactory-and-null-passwords) – DNA Jan 03 '14 at 13:50

1 Answer

7

The Sun API seems to require a password, so you will instead need to add a password to your .p12 file.

This page says that you can do this with openssl by converting the .p12 to a .pem, then converting back to a .p12 (but I have not tried it):

openssl pkcs12 -in cert.p12 -out temp.pem -passin pass: -passout pass:temppassword
openssl pkcs12 -export -in temp.pem -out cert-final.p12 -passin pass:temppassword -passout pass:newpassword
rm -f temp.pem

See also this related question.

Community
DNA
  • I've copied your command and spent like 15 minutes trying to figure out why it didn't work until I noticed all minuses look weird and replaced them... – mvmn Jun 10 '16 at 16:54
  • Good catch - for some reason they seem to have turned into en-dashes (U+2013). Now hopefully fixed. – DNA Jun 10 '16 at 22:56