-1

I have a mycert.crt file and I want to connect to the server using my Java code. I am getting the titled exception. My code is as follows:

final MqttConnectOptions connnOpt = new MqttConnectOptions();
connnOpt.setCleanSession(false);  
connnOpt.setKeepAliveInterval(2000);
connnOpt.setUserName(user.getUsername());
connnOpt.setPassword(user.getSDPApiDriver().getToken().toCharArray());
connnOpt.setConnectionTimeout(20000); 
String sslCert="/mycert.crt";
System.setProperty("javax.net.ssl.trustStore", sslCert);
System.setProperty("javax.net.ssl.trustStorePassword", "expectBrilliance");
System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");
KeyStore ks = KeyStore.getInstance("JKS");
InputStream jksInputStream = this.getClass().getResourceAsStream(sslCert);
ks.load(jksInputStream, "expectBrilliance".toCharArray());  //thrown exception
KeyManagerFactory kmf = 
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, "expectBrilliance".toCharArray());
TrustManagerFactory tmf = 
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
SSLContext sc = SSLContext.getInstance("TLS");
TrustManager[] trustManagers = tmf.getTrustManagers();
sc.init(kmf.getKeyManagers(), trustManagers, null);
SSLSocketFactory ssf = sc.getSocketFactory();
connnOpt.setSocketFactory(ssf);
String locationTopic = "abcd/efgh/" + dongleId + "/events";
final MqttClient client =  new MqttClient(clientDevice.getBrokerUrl(), dongleId,null);
client.connect(connnOpt);
System.out.println("client status : " + client.isConnected());

In my java.security there is keystore.type=jks. Using this mycert.crt file I am able to log in to my HiveMQ server with mqtt-spy:

  • User name: abcd
  • Password: wxyz
  • Security Tab - TLS Mode: CA certificate
  • Protocol: TLSv1
  • CA certificate file: mycert.zip

I am browsing different sites but not getting an answer.

Afsar
  • 89
  • 7

1 Answer

0

The above issue is resolved by converting the .crt file to .jks using the following command:

$ keytool -importcert -file Desktop\mycert\mycert.crt -keystore Desktop\mycert.jks -alias changeit //changeit is password of crt

and then I followed the normal SSL reading steps:

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public static SSLSocketFactory acceptMyCertificate(String sslCert) {
    final char[] JKS_PASSWORD = "changeit".toCharArray();
    final char[] KEY_PASSWORD = "changeit".toCharArray();
    System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");
    // sslCert is the path of the converted .jks file, relative to the working directory
    final String path = System.getProperty("user.dir") + sslCert;
    // try-with-resources closes the keystore file once it has been read
    try (InputStream is = new FileInputStream(path)) {
        final KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(is, JKS_PASSWORD);
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, KEY_PASSWORD);
        final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        final SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new java.security.SecureRandom());
        return sc.getSocketFactory();
    } catch (GeneralSecurityException | IOException exc) {
        throw new RuntimeException(exc);
    }
}

Now I am able to send to my MQTT using the converted .jks file.

Afsar
  • 89
  • 7
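
An alternative to the keytool conversion in the answer above, as an added example that is not part of the original posts: a .crt file is an X.509 certificate rather than a keystore, so it can be parsed with CertificateFactory and placed in an in-memory trust store. The class name CrtTrust, the method fromCrt and the alias prefix "ca-" are hypothetical, and the example assumes the broker needs no client certificate, as the question's username/password login and "CA certificate" mode suggest.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public final class CrtTrust {
    /** Builds a socket factory that trusts only the certificate(s) in a PEM or DER .crt file. */
    public static SSLSocketFactory fromCrt(String crtPath) throws Exception {
        // Parse the file as X.509 instead of handing it to KeyStore.load().
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // empty in-memory store: no file, no password
        int count = 0;
        try (InputStream in = new FileInputStream(crtPath)) {
            // generateCertificates() also handles a file holding several PEM blocks.
            for (Certificate cert : cf.generateCertificates(in)) {
                trustStore.setCertificateEntry("ca-" + count++, cert);
            }
        }
        if (count == 0) {
            // Fail closed rather than return a factory that trusts nothing.
            throw new IllegalArgumentException("no certificate found in " + crtPath);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        // Assumption: no client certificate is needed, so no KeyManager is supplied.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // Pass the path to the .crt file as the first argument.
        SSLSocketFactory ssf = fromCrt(args[0]);
        System.out.println("socket factory ready: " + ssf.getClass().getName());
        // With the question's options object: connnOpt.setSocketFactory(ssf);
    }
}
```

Because the trust store holds only the supplied certificate, the connection is validated against that CA alone and not against the JVM's default cacerts.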