heiko/cert-proxy
1
0
Fork 0
Code Issues 5 Pull requests Releases 1 Activity

PKCS12 on Windows with Java Keystore #13

New issue
Open
opened 2024-01-23 16:36:57 +01:00 by sf · 0 comments
sf commented 2024-01-23 16:36:57 +01:00
Collaborator
Copy link

PKCS12 files on Windows can not be imported in Java ey store when openssl is too new or the key store too old.

c:\s_tools\cert-proxy-client>c:\s_tools\QTime\Q1\jre\bin\keytool.exe -importkeystore --srckeystore "C:\s_tools\cert-proxy-client\certs\mportal.nexst4.de\bundle.pfx" -keystore "C:\s_tools\cert-proxy-client\certs\mportal.nexst4.de\mportal.keystore" -srcstoretype PKCS12 -destkeystore "C:\s_tools\cert-proxy-client\certs\mportal.nexst4.de\mportal.keystore" -deststoretype JKS -srcstorepass changeme -deststorepass changeme -noprompt
Keytool-Fehler: java.io.IOException: parseAlgParameters failed: ObjectIdentifier() -- data isn't an object ID (tag = 48)

Workaround:

Get PEM files on Windows and generate PKCS12 bundle with -legacy option, for example:
openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out bundle.pfx -legacy -password pass:changeme

So please add an option to get legacy formatted pkcs12 bundles.

PKCS12 files on Windows can not be imported in Java ey store when openssl is too new or the key store too old. ``` c:\s_tools\cert-proxy-client>c:\s_tools\QTime\Q1\jre\bin\keytool.exe -importkeystore --srckeystore "C:\s_tools\cert-proxy-client\certs\mportal.nexst4.de\bundle.pfx" -keystore "C:\s_tools\cert-proxy-client\certs\mportal.nexst4.de\mportal.keystore" -srcstoretype PKCS12 -destkeystore "C:\s_tools\cert-proxy-client\certs\mportal.nexst4.de\mportal.keystore" -deststoretype JKS -srcstorepass changeme -deststorepass changeme -noprompt Keytool-Fehler: java.io.IOException: parseAlgParameters failed: ObjectIdentifier() -- data isn't an object ID (tag = 48) ``` **Workaround:** Get PEM files on Windows and generate PKCS12 bundle with `-legacy` option, for example: `openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out bundle.pfx -legacy -password pass:changeme` So please add an option to get legacy formatted pkcs12 bundles.
heiko added reference master 2026-02-19 18:04:52 +01:00
heiko self-assigned this 2026-02-19 18:04:55 +01:00
Sign in to join this conversation.
master
Branches Tags
Clear current reference
master
debian/bullseye
ci
debian/sid
heiko/dev
fqdn-cn
debian/buster
Clear current reference
v1.18.2
1.18.1
1.18.0
1.17
debian/1.17-0
debian/1.17_RC0-1
1.17-RC0
1.16-RC1
debian/1.16-RC0-0
1.16-RC0
debian/1.15.3-2
debian/1.15.3-1
1.15.3
1.15.2
debian/1.15.1-2
debian/1.15.1-1
1.15.1
1.15
debian/1.14.1-2
debian/1.14.1-1
1.14.1
1.14
debian/1.13-1
1.13
debian/1.12-2
1.12
1.11
debian/1.10.2-2
debian/1.10.2-1
1.10.2
debian/1.10.1-1
1.10.1
1.10
debian/1.9-2
debian/1.9-1
1.9
debian/1.8-3
debian/1.8-2
debian/1.8-1
1.8
debian/1.7.1-1
1.7.1
debian/1.7-1
1.7
debian/1.6-1
1.6
debian/1.5-4
debian/1.5-3
debian/1.5-2
debian/1.5-1
1.5
1.4
1.3.1
debian/1.3-4
debian/1.3-3
debian/1.3-2
debian/1.3-1
debian/1.3-0
1.3
1.2
1.1
1.0
0.5
0.4
0.3
0.2
0.1
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
heiko
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
heiko/cert-proxy#13
No description provided.