Should the password Vault keystore format be migrated from JCEKS to PKCS12 ?

Solution Verified - Updated -

Issue

  • Getting the following WARNING message:

    Warning: The JCEKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /path/to/vault.keystore -destkeystore /path/to/vault.keystore -deststoretype pkcs12"
    
  • Can this WARNING be ignored ; Or should the Vault Keystore be indeed migrated from JCEKS to PKCS12 ?

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6
    • 7
  • JDK8 update 151 or later
  • Keytool (JAVA), executing command as for example:

    keytool -storetype jceks -keypasswd -alias vault -keypass ***** -new ${user} -keystore /path/to/vault.keystore -storepass *****
    

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content