Issues with keystore

I have a set of commands for the purpose of establishing a keystore with the various certs we require.

I have gotten a cert generated for my server, and ran the following command (which seems a bit redundant, but it was what I was provided):
openssl pkcs12 -export -in .cer -inkey .key -certfile .cer -out .p12

Then, by the instructions I have, I run:
keytool -importkeystore -srckeystore .p12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype JKS

Then that is followed by:
keytool -changealias -keystore keystore.jks -alias 1

which doesn't work because there is no alias labeled 1, so I ran the following to discover I had no entries at all.
sudo keytool -list -v -keystore keystore.jks

So I skipped over that to run the pks conversion:
keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.jks -deststoretype pkcs12

which tells me 0 success and 0 errors, generates a new keystore.jks, and renames the previous one to keystore.jks.old.

So now I have to add other certs we've been given, so I run the following command as needed:

keytool -import -alias -keystore keystore.jks -file .cer

However, I sometimes get errors stating that the keystore.jks is an empty file, and sometimes I get a message with details of the cert and the entry, concluding with an error either as "keytool error: java.io.EOFException" or as "java.security.ProviderException: java.lang.UnsupportedOperationException".

From poking around on the net I haven't found anything that explains either, but I did find an old article here about a bug when using FIPS. These commands I'm using were generated when we were using CentOS7, but now we are using RHEL8.8. Could it be that these commands aren't fully supported the way they are presently written?
Could it be that my certs I'm trying to import are corrupted?
Can anyone point me in the right direction?

Thanks in advance.
