
I am on Java 1.7.0_60.
I have a PFX keystore, which I converted to a JKS keystore using the command below:

```
keytool -importkeystore -srckeystore mypfx.pfx -srcstoretype pkcs12 -destkeystore myjks.jks -deststoretype jks
```

Now, when I use this JKS keystore in my code to load the KeyStore object, I get `IOException: Invalid Keystore format` at line 3 of the snippet below:

```java
InputStream is = HttpTester.class.getClassLoader().getResourceAsStream("myjks.jks");
KeyStore identityKeyStore = KeyStore.getInstance("jks");
identityKeyStore.load(is, CERT_PASSWORD.toCharArray());
```

I also verified that the newly created myjks.jks keystore is not corrupted by running the command below, and I was able to open it just fine:

```
keytool -v -list -keystore myjks.jks
```

I am trying to do mutual two-way SSL authentication, which is why I am on this version of Java, and I also need to be able to deploy it onto a WebSphere 8.5 server, which only supports 1.7.
Any ideas?

james2611nov
  • Not enough information. How did you do the import? Can `keytool` read the keystore file, e.g. to list content? – Andreas Jul 03 '18 at 16:24
  • I used this command `keytool -importkeystore -srckeystore mypfx.pfx -srcstoretype pkcs12 -destkeystore myjks.jks -deststoretype jks` – james2611nov Jul 03 '18 at 17:36
  • Edit the question and add that command to *clarify* the question. Also verify that `keytool` can read the keystore, so add the command and output used to *test* the keystore. – Andreas Jul 03 '18 at 17:56
  • @Andreas edited. Yes `keytool` can read the keystore as well. – james2611nov Jul 03 '18 at 18:26
  • Since you didn't specify any password on the `keytool` command-lines, the keystore doesn't have a store password, so pass `null` to the `load` method. – Andreas Jul 03 '18 at 18:30
  • @Andreas `keytool -v -list -keystore myjks.jks` always prompts for a password before showing me its contents, so the password is not `null` for sure. Also, during `jks` creation `keytool -importkeystore` prompted me to enter a `destination password`. I am wondering whether I can achieve the same conversion using `openssl`. – james2611nov Jul 03 '18 at 18:34
  • You can't achieve the same conversion using `openssl`, since it doesn't support the `jks` format. You could of course instead try using the `mypfx.pfx` file directly, by using `KeyStore.getInstance("pkcs12")` – Andreas Jul 03 '18 at 18:54
  • Using pkcs12 worked, and surprisingly using 'jks' worked as well when I tried in a different version of Eclipse. – james2611nov Jul 03 '18 at 20:52
  • A different version of Eclipse shouldn't have mattered, but a different version of Java definitely could have. Did your other Eclipse perhaps use an older Java version? Anyway, since the problem is no longer reproducible, you should just delete this question. – Andreas Jul 03 '18 at 20:57
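
An added diagnostic, not part of the original question or comments: it reads the first bytes of the keystore as the class loader actually delivers it, picks the `KeyStore` type from the file header (the JKS and JCEKS magic numbers, or a DER SEQUENCE tag for PKCS#12), and reports the header when it matches none of them. The class and method names (`KeyStoreProbe`, `detectType`, `load`) are hypothetical, and the code is kept compatible with Java 7.

```java
import java.io.*;
import java.math.BigInteger;
import java.security.KeyStore;
import java.util.Arrays;

public class KeyStoreProbe {  // hypothetical helper, not code from the thread

    /** Maps the leading bytes of a keystore to a KeyStore type, or null if unrecognised. */
    static String detectType(byte[] head) {
        if (head.length < 4) return null;
        int magic = ((head[0] & 0xFF) << 24) | ((head[1] & 0xFF) << 16)
                  | ((head[2] & 0xFF) << 8) | (head[3] & 0xFF);
        if (magic == 0xFEEDFEED) return "jks";    // JKS magic number
        if (magic == 0xCECECECE) return "jceks";  // JCEKS magic number
        // Heuristic: a PKCS#12 (.pfx/.p12) file is DER and starts with a SEQUENCE tag,
        // but so does any other DER structure, e.g. a bare certificate.
        if ((head[0] & 0xFF) == 0x30) return "pkcs12";
        return null;
    }

    /** Loads a classpath keystore with the type its header indicates. */
    static KeyStore load(String resource, char[] password) throws Exception {
        InputStream raw = KeyStoreProbe.class.getClassLoader().getResourceAsStream(resource);
        if (raw == null) throw new FileNotFoundException(resource + " is not on the classpath");
        try (BufferedInputStream in = new BufferedInputStream(raw)) {
            in.mark(4);
            byte[] head = new byte[4];
            int n = 0, r;
            while (n < 4 && (r = in.read(head, n, 4 - n)) > 0) n += r;
            in.reset();  // rewind so KeyStore.load sees the whole file
            String type = detectType(Arrays.copyOf(head, n));
            if (type == null)
                throw new IOException(resource + ": unrecognised header 0x"
                        + new BigInteger(1, Arrays.copyOf(head, n)).toString(16));
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password);
            return ks;
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();  // null when no terminal is attached (e.g. some IDEs)
        if (args.length != 1 || console == null)
            throw new IllegalStateException("usage: KeyStoreProbe <resource>, run from a terminal");
        KeyStore ks = load(args[0], console.readPassword("Store password: "));
        System.out.println(ks.getType() + " keystore, " + ks.size() + " entries");
    }
}
```

If the reported header is neither of the magic numbers nor `30`, the bytes reaching `KeyStore.load` differ from the file that `keytool` listed successfully on disk.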
