0

To create a jks file I run the following commands:

"C:\Program Files (x86)\OpenSSL-Win32\bin\openssl" pkcs12 -export -in client.crt -inkey client.key -certfile clientroot.crt -name kafkaclient -out kafkaclient.p12 -password pass:password
 
"C:\Program Files\Java\jre1.8.0_281\bin\keytool.exe" -importkeystore -srckeystore kafkaclient.p12 -srcstoretype pkcs12 -destkeystore kafkaclient.jks -deststoretype JKS -destkeypass password  -deststorepass password --srcstorepass password
 
"C:\Program Files\Java\jre1.8.0_281\bin\keytool.exe" -import -trustcacerts -keystore kafkaclient.jks -storepass password -alias cmekafka -file clientroot.crt -noprompt

I managed to run the 1st but was prompted to create a password which I could just hit Enter on. The 2nd requires the Keystore password be at least 6 characters.

Is it possible to run these without the need for passwords?

runnerpaul
  • 5,942
  • 8
  • 49
  • 118
  • 1
    Does this answer your question? [Is it possible to create JKS keystore file without a password?](https://stackoverflow.com/questions/23629246/is-it-possible-to-create-jks-keystore-file-without-a-password) – DevWithZachary Jun 29 '21 at 09:42
  • I can't believe you, since `openssl pkcs12 -export` with `-password` but not `-passin` only prompts (saying 'pass phrase' not 'password') if the input key is encrypted, and then if you don't supply the password/phrase it fails. Also, are you sure you need JKS? Java8 since release has supported PKCS12 for both privatekey and trustedcert entries, and since 8u60 has been able to read PKCS12 _even when a program specifies JKS_. OpenSSL, and Java code but not keytool, allow _empty_ pw for PKCS12 (which is not quite none) but other software might not. – dave_thompson_085 Jun 29 '21 at 23:24

0 Answers0