
Converting PEM to PKCS12 and import to Java Keystore

I've a PEM bundle generated by Hashicorp Vault that looks like the following one:

client.pem

-----BEGIN RSA PRIVATE KEY-----
<<contents>>
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<<contents>>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<<contents>>
-----END CERTIFICATE-----

What I'm trying to achieve is to export the PEM format to PKCS12 in order to properly import it to the Java keystore.

For doing so I'm performing the following steps:

  1. Export my pem bundle to pkcs12:
     openssl pkcs12 -export -name client -inkey client.pem -in client.pem -out client.p12 -nodes -passout pass:123456
  2. Import the PKCS12 client.p12 into the keystore:
     keytool -importkeystore -destkeystore client-keystore.jks -srckeystore client.p12 -deststorepass 123456 -srcstoretype PKCS12 -srcstorepass 123456

At this point, no matter how many combinations of export/import I try out, I'm always getting the same error when trying to import it to the keystore:

Importing keystore client.p12 to client-keystore.jks...
keytool error: java.io.IOException: keystore password was incorrect

Any idea what password it is asking me for or what I'm doing wrong? Thanks!

In the end it wasn't related to the password after all. Providing the -v flag to the import command shed light on the underlying error: the client certificate subject field was missing, and that's why the import was failing. Issuing a certificate to Vault with the subject field properly set solved the issue.
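
A pre-flight check for the root cause described in the answer, as an added example that is not part of the original post: it walks each CERTIFICATE block of a PEM bundle and reports those whose subject Name is an empty SEQUENCE, so the problem shows up before the PKCS12 conversion. All function names are hypothetical, the sample bundle is constructed (structure only, no real key or signature), and "missing subject" is assumed to mean an empty Name.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def subject_is_empty(cert_der):
    """True if the certificate's subject Name is an empty SEQUENCE."""
    _, pos, _ = read_tlv(cert_der, 0)      # Certificate ::= SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)    # tbsCertificate ::= SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                        # optional [0] version
        pos = end
    for _ in range(4):                     # serialNumber, signature, issuer, validity
        _, _, pos = read_tlv(cert_der, pos)
    tag, start, end = read_tlv(cert_der, pos)
    if tag != 0x30:
        raise ValueError("subject is not a SEQUENCE")
    return start == end

def certs_without_subject(pem_text):
    """Return 0-based positions, among CERTIFICATE blocks, with an empty subject."""
    certs = [base64.b64decode(body) for label, body in PEM_BLOCK.findall(pem_text)
             if label == "CERTIFICATE"]
    return [i for i, cert in enumerate(certs) if subject_is_empty(cert)]

def der(tag, *parts):
    """Encode one DER element (short-form length only, enough for the sample)."""
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_cert(cn):
    """Constructed, structure-only certificate skeleton; empty cn gives an empty subject."""
    rdn = der(0x31, der(0x30, der(0x06, b"\x55\x04\x03"), der(0x0C, cn)))
    name = der(0x30, rdn) if cn else der(0x30)
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), der(0x30),
              der(0x30), der(0x30), name, der(0x30))
    return der(0x30, tbs, der(0x30), der(0x03, b"\x00"))

SAMPLE_BUNDLE = "".join(  # same layout as client.pem: key, client cert, CA cert
    f"-----BEGIN {label}-----\n{base64.b64encode(data).decode()}\n-----END {label}-----\n"
    for label, data in [("RSA PRIVATE KEY", b"constructed placeholder"),
                        ("CERTIFICATE", sample_cert(b"")), ("CERTIFICATE", sample_cert(b"Example CA"))])
```

Calling `certs_without_subject(open("client.pem").read())` on a real bundle returns the positions of the certificates to reissue; an empty list means every certificate carries a subject.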
