PKCS12 on Windows with Java Keystore #13

New issue

Open

opened 2024-01-23 16:36:57 +01:00 by sf · 0 comments

sf commented 2024-01-23 16:36:57 +01:00

Collaborator

Copy link

PKCS12 files on Windows can not be importet in Java Keystore when openssl is to new or the keystore to old.

 c:\s_tools\cert-proxy-client>c:\s_tools\QTime\Q1\jre\bin\keytool.exe -importkeystore --srckeystore "C:\s_tools\cert-proxy-client\certs\mportal.nexst4.de\bundle.pfx" -keystore "C:\s_tools\cert-proxy-client\certs\mportal.nexst4.de\mportal.keystore" -srcstoretype PKCS12 -destkeystore "C:\s_tools\cert-proxy-client\certs\mportal.nexst4.de\mportal.keystore" -deststoretype JKS -srcstorepass changeme -deststorepass changeme -noprompt
Keytool-Fehler: java.io.IOException: parseAlgParameters failed: ObjectIdentifier() -- data isn't an object ID (tag = 48)

Workaround:

Get PEM files on Windows and generate PKCS12 bundle with -legacy option, for example:
openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out bundle.pfx -legacy -password pass:changeme

So please add an option to get legacy formated pkcs12 bundles.

PKCS12 files on Windows can not be importet in Java Keystore when openssl is to new or the keystore to old. ``` c:\s_tools\cert-proxy-client>c:\s_tools\QTime\Q1\jre\bin\keytool.exe -importkeystore --srckeystore "C:\s_tools\cert-proxy-client\certs\mportal.nexst4.de\bundle.pfx" -keystore "C:\s_tools\cert-proxy-client\certs\mportal.nexst4.de\mportal.keystore" -srcstoretype PKCS12 -destkeystore "C:\s_tools\cert-proxy-client\certs\mportal.nexst4.de\mportal.keystore" -deststoretype JKS -srcstorepass changeme -deststorepass changeme -noprompt Keytool-Fehler: java.io.IOException: parseAlgParameters failed: ObjectIdentifier() -- data isn't an object ID (tag = 48) ``` **Workaround:** Get PEM files on Windows and generate PKCS12 bundle with `-legacy` option, for example: `openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out bundle.pfx -legacy -password pass:changeme` So please add an option to get legacy formated pkcs12 bundles.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

debian/bullseye

ci

debian/sid

heiko/dev

fqdn-cn

debian/buster

v1.18.2

1.18.1

1.18.0

1.17

debian/1.17-0

debian/1.17_RC0-1

1.17-RC0

1.16-RC1

debian/1.16-RC0-0

1.16-RC0

debian/1.15.3-2

debian/1.15.3-1

1.15.3

1.15.2

debian/1.15.1-2

debian/1.15.1-1

1.15.1

1.15

debian/1.14.1-2

debian/1.14.1-1

1.14.1

1.14

debian/1.13-1

1.13

debian/1.12-2

1.12

1.11

debian/1.10.2-2

debian/1.10.2-1

1.10.2

debian/1.10.1-1

1.10.1

1.10

debian/1.9-2

debian/1.9-1

1.9

debian/1.8-3

debian/1.8-2

debian/1.8-1

1.8

debian/1.7.1-1

1.7.1

debian/1.7-1

1.7

debian/1.6-1

1.6

debian/1.5-4

debian/1.5-3

debian/1.5-2

debian/1.5-1

1.5

1.4

1.3.1

debian/1.3-4

debian/1.3-3

debian/1.3-2

debian/1.3-1

debian/1.3-0

1.3

1.2

1.1

1.0

0.5

0.4

0.3

0.2

0.1

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

wontfix

This won't be fixed

No labels

bug

duplicate

enhancement

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

heiko/cert-proxy#13

No description provided.