I’m in the process of generating a CSR to get a Cert produced so we can get SSL working cleanly on our browsers when accessing the Enforce console.

I’ve completed the process in our test environment and now moving across to Production 15.7. I’m referring to the following article: Article ID: 160518 - Create, sign, and import an SSL certificate signed by a Trusted Certificate Authority

All is OK and I’m running STEP 2 as per the instructions but I get the following message; “The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12”

Is this a DLP/Broadcom recommendation to use this?

Do you suggest I complete this BEFORE I create the CSR on STEP 3?

Should we be using JKS or PKCS12?

Component : Java keytool

This message is not from the DLP application. PKCS12 is not a requirement. 

This appears to be a bug in the JRE version as noted on the pages: 

stackoverflow.com - Can't change the keystore format
Oracle Bug Database - JDK-8193171 : keytool -list displays "JKS" for a PKCS12 keystore.

This error can be safely ignored.