java.io.IOException: Invalid keystore format when running keytool to manage tomcat.keystore

Article ID: 100662

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction


When trying to use the JDK keytool to manage the tomcat.keystore created by the ProxyUI, keytool returns the error:

java.io.IOException: Invalid keystore format

Does the ProxyUI use a different tool to create the tomcat.keystore?

This is the command used:

# keytool -list -v -keystore /{home_policy_server}/SSL/keys/tomcat.keystore -storepass <password>

keytool error: java.io.IOException: Invalid keystore format
java.io.IOException: Invalid keystore format
  at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658)
  at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
  at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
  at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
  at java.security.KeyStore.load(KeyStore.java:1445)
  at sun.security.tools.keytool.Main.doCommands(Main.java:823)
  at sun.security.tools.keytool.Main.run(Main.java:366)
  at sun.security.tools.keytool.Main.main(Main.java:359)

 

Resolution


It appears that keytool defaults to the JKS format if the -storetype option is not specified.

The GUI creates the tomcat.keystore file in JCEKS format.

The proper syntax to use the keytool to list the contents of the tomcat.keystore in JCEKS format with a password of <password> is:

# keytool -list -storetype jceks -keystore tomcat.keystore -storepass <password> -v
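
When the format of a keystore is not known in advance, its first bytes identify it, so the matching -storetype can be chosen before running keytool. The script below is an added example, not part of the original article or the product; it goes beyond the JCEKS case above by also recognizing JKS and PKCS#12 headers. The function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: identify a Java keystore's container format from its
# header bytes so the matching -storetype can be passed to keytool.

# Print the store type (jks, jceks, pkcs12) for the file given as $1.
# Prints "unknown" and returns 1 if the header matches none of them.
keystore_type() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    # First four bytes as lowercase hex, e.g. "cececece"
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        feedfeed) echo "jks" ;;     # JKS magic number 0xFEEDFEED
        cececece) echo "jceks" ;;   # JCEKS magic number 0xCECECECE
        30*)      echo "pkcs12" ;;  # DER SEQUENCE tag, as in a PKCS#12 file (heuristic)
        *)        echo "unknown"; return 1 ;;
    esac
}

# Demo on constructed header-only files (not real keystores).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '\376\355\376\355\000\000\000\002' > "$tmp/sample-jks.keystore"
    printf '\316\316\316\316\000\000\000\002' > "$tmp/tomcat.keystore"
    printf '\060\202\012\000'                 > "$tmp/sample.p12"
    for f in "$tmp"/*; do
        printf '%s: keytool -list -storetype %s -keystore %s\n' \
            "${f##*/}" "$(keystore_type "$f")" "${f##*/}"
    done
    rm -rf "$tmp"
}

demo
```

A result of "unknown" means the file is in none of these three formats, so no -storetype from this list will load it.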