Discussion:
import PKCS12 keystore in a Websphere App.
sjagad
2006-06-04 14:09:21 UTC
Hi,

I am running WAS 5.1.1 (IBM J2RE 1.4.2).

In my application code, I am trying to import a PKCS12 keystore (.p12
file) that was generated using OpenSSL. It is failing at the time when
I am trying to load the keystore using the load method with the
following exception:

java.io.IOException - Error reading keystore. Check if the password is
correct.

I am pretty sure the password is correct.

Also, I tried importing this keystore using the iKeyman utility. It
fails with the message - "The specified database is corrupted".

However, when I try to list the contents of the keystore using openssl,
it is getting listed properly.

Is there an incompatibility between the p12 files generated by openssl
and that required by IBMJCE?
Is there a solution to this problem? Any help would be appreciated.

Thanks.
javerra
2006-06-27 20:03:36 UTC
Post by sjagad
> Hi,
> I am running WAS 5.1.1 (IBM J2RE 1.4.2).
> In my application code, I am trying to import a PKCS12 keystore (.p12
> file) that was generated using OpenSSL. It is failing at the time when
> I am trying to load the keystore using the load method with the
> java.io.IOException - Error reading keystore. Check if the password is
> correct.
> I am pretty sure the password is correct.
> Also, I tried importing this keystore using the iKeyman utility. It
> fails with the message - "The specified database is corrupted".
> However, when I try to list the contents of the keystore using openssl,
> it is getting listed properly.
> Is there an incompatibility between the p12 files generated by openssl
> and that required by IBMJCE?
> Is there a solution to this problem? Any help would be appreciated.
> Thanks.

I am having the same issue. Have you had any luck?
Dexthor
2006-06-27 20:40:49 UTC
Post by javerra
> Post by sjagad
>> Hi,
>> I am running WAS 5.1.1 (IBM J2RE 1.4.2).
>> In my application code, I am trying to import a PKCS12 keystore (.p12
>> file) that was generated using OpenSSL. It is failing at the time when
>> I am trying to load the keystore using the load method with the
>> java.io.IOException - Error reading keystore. Check if the password is
>> correct.
>> I am pretty sure the password is correct.
>> Also, I tried importing this keystore using the iKeyman utility. It
>> fails with the message - "The specified database is corrupted".
>> However, when I try to list the contents of the keystore using openssl,
>> it is getting listed properly.
>> Is there an incompatibility between the p12 files generated by openssl
>> and that required by IBMJCE?
>> Is there a solution to this problem? Any help would be appreciated.
>> Thanks.
> I am having the same issue. Have you had any luck?

http://publib.boulder.ibm.com/httpserv/ihsdiag/gather_certificate_doc.html

Ikeyman: The specified database has been corrupted (Strong Encryption).
Often PKCS12 files (or other Key Databases) use strong encryption that
is not available in the default JCE policy files provided by java.
To test if the cryptography level in your PKCS12 file exceeds the JCE
defaults, use the keytool command supplied in your JRE:

    keytool -list -v -keystore /tmp/your.p12 -storetype pkcs12 -storepass password

... Unsupported keysize or algorithm parameters

Solution: Install the appropriate JCE policy files for your JRE:
1.4.2+ JRE on AIX, Linux, Windows: IBM unrestricted JCE policy files
1.4.2+ JRE on HPUX, Sun: Sun unrestricted JCE policy files

Looks like this is a known issue and there is a workaround for this :)

-Dexthor.
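
An added example, not part of any post in this thread: a small Java diagnostic for the situation described above, where `KeyStore.load` reports a bad password although the password is right. The class name `P12PolicyCheck` is hypothetical, and using a 256-bit AES key as the probe for a restricted JCE policy is an assumption of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic (hypothetical class name). Written without generics or
// try-with-resources so it also compiles for an old JRE such as 1.4.2.
public class P12PolicyCheck {

    // Returns true if the installed JCE policy accepts a 256-bit AES key.
    // Restricted policy files reject it with InvalidKeyException.
    static boolean strongCryptoAllowed() throws Exception {
        Cipher c = Cipher.getInstance("AES");
        try {
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[32], "AES"));
            return true;
        } catch (InvalidKeyException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java P12PolicyCheck <file.p12> <password>");
            return;
        }
        System.out.println("256-bit AES allowed by JCE policy: " + strongCryptoAllowed());

        KeyStore ks = KeyStore.getInstance("PKCS12");
        InputStream in = new FileInputStream(args[0]);
        try {
            ks.load(in, args[1].toCharArray());
            System.out.println("Loaded OK, entries: " + ks.size());
        } catch (Exception e) {
            // The top-level IOException can hide the real reason, so print
            // every exception in the cause chain.
            for (Throwable t = e; t != null; t = t.getCause()) {
                System.out.println("cause: " + t.getClass().getName() + ": " + t.getMessage());
            }
        } finally {
            in.close();
        }
    }
}
```

Run it with the same JRE the application server uses, since the policy files are per-JRE. The password is passed on the command line here, as in the keytool command above, so it is visible in the process list while the program runs.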
