PKCS12 to JKS conversion failure

P

3

2

I'm trying to convert a PKCS12 format file to a JKS keystore using the command:

keytool -v -importkeystore -trustcacerts -srckeystore cert.p12 -srcstoretype PKCS12 -destkeystore md_keystore.jks -deststoretype JKS

This returns the following message:

0 entries successfully imported, 0 entries failed or cancelled

I've taken a look at the cert.p12 file using openSSL and it appears to be fine - it contains the full certificate chain and the private key. There is no stacktrace being returned either and the resulting keystore file is also empty.

Anyone have any ideas why keystore would fail to import a seemingly valid certificate, and yet not produce any stacktraces etc?

Propolis answered 31/5, 2012 at 14:59 Comment(3)

Try using keytool -list to see whether keytool can see the content of your PKCS#12 file perhaps. – Ear 31/5, 2012 at 15:39

@Ear It appears that keytool can't see the contents of the PKCS12 file which would be causing the issue. I'll have to do some more digging to find out why, but thanks for the pointer. – Propolis 1/6, 2012 at 17:27

Is the certificate chain in the PKCS #12 file one that you produced yourself? If so, are the serial numbers on the root certificate and the end-entity certificate different? I've noticed that OpenSSL doesn't seem to have a problem with this error, but other tools reject the mistake, usually silently. – Ns 6/6, 2012 at 16:45

M

2

I have imported some PKCS12 certificates recently using this command line:

keytool -importkeystore -srckeystore cert.p12 -srcstoretype PKCS12 -srcstorepass certificatePassword -keystore keystore_file_name.jks -storepass keystore_password

Mentally answered 31/5, 2012 at 16:5 Comment(0)

N

1

Tims, I bet you you set an empty passphrase to encrypt your p12 key store.

Try to create the p12 again with a non empty value. I had the same problem and this solved for me. I have not figured out how to make keytool to accept p12 files with an empty passphrese though.

Recommended topics

Hot tags