Oracle JVM could not read PKCS12 keystore created with IBM JVM keytool
Article ID: KB0083637
Products: TIBCO BusinessEvents Enterprise Edition
Versions: All
Description
We have a PKCS12 keystore generated with the IBM keytool and have configured HTTP SSL in TIBCO BusinessEvents (BE) with this keystore. BE was not able to read entries from the keystore and HTTPS did not work. Checking the keystore with the Oracle JVM keytool shows that Oracle keytool was not able to list the entries in this store either:
<TIBCO_HOME>\tibcojre64\1.8.0\bin>keytool -list -storetype pkcs12 -keystore test.p12 -storepass test
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 0 entries
Resolution
There is a difference between a PKCS12 keystore created with the keytool provided in the IBM JVM and one created with the keytool provided in an Oracle JVM. The keytool in an IBM JVM uses a PKCS12 keystore to store both key entries and certificate entries. The keytool in an Oracle JVM uses a PKCS12 keystore to store key entries. The keytool program in IBM's JVM can read a keystore created by the keytool program provided by an Oracle JVM, but not the other way around.
IBM provides a second version of the PKCS12 keystore type, PKCS12S2. A keystore of this type can be read by the keytool program in an Oracle JVM. Create your .p12 keystore with this type to make it work with the Oracle JVM.
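A pre-deployment check in the spirit of the keytool listing above, added here as an example (it is not TIBCO's code): run it with the same JRE that BusinessEvents uses to confirm that the keystore loads and exposes at least one key entry before HTTPS is enabled. The class name `P12Check` and its messages are assumptions; it uses only the standard `java.security.KeyStore` API.

```java
import java.io.*;
import java.security.KeyStore;
import java.util.Collections;

// Added example: verify a PKCS12 keystore on the JVM that will serve HTTPS.
public class P12Check {
    /** Returns the number of key entries; throws if the store is unusable for HTTPS. */
    static int check(InputStream in, char[] storePass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(in, storePass); // a wrong password or corrupt file throws IOException here
        int keys = 0, certs = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            if (isKey) keys++;
            else if (ks.isCertificateEntry(alias)) certs++;
            System.out.printf("  %-20s %s%n", alias, isKey ? "key entry" : "certificate entry");
        }
        System.out.printf("provider=%s keys=%d certs=%d%n",
                ks.getProvider().getName(), keys, certs);
        // The symptom from this article: the load succeeds but nothing is visible.
        if (ks.size() == 0)
            throw new IllegalStateException("keystore loaded but contains 0 entries");
        if (keys == 0)
            throw new IllegalStateException("no key entry; an HTTPS listener needs one");
        return keys;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java P12Check <file.p12> <storepass>  (mirrors the keytool call above)
        if (args.length == 2) {
            try (InputStream in = new FileInputStream(args[0])) {
                check(in, args[1].toCharArray());
                System.out.println("OK");
            }
            return;
        }
        // No arguments: show the failure path with a constructed, empty PKCS12 store.
        char[] pass = "test".toCharArray();
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, pass);
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        empty.store(buf, pass);
        try {
            check(new ByteArrayInputStream(buf.toByteArray()), pass);
        } catch (IllegalStateException e) {
            System.out.println("REJECTED: " + e.getMessage());
        }
    }
}
```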