keytool error: parseAlgParameters failed
search cancel

keytool error: parseAlgParameters failed


Article ID: 233044


Updated On:


CA Process Automation Base


We are using the steps for securing our development ITPAM environment documented here: Configure JBoss Web Server for Custom SSL Certificates that Prohibit JAR Signing

While performing step 5 (keytool -importkeystore -srckeystore automation.p12 -destkeystore automation.jks -srcstoretype pkcs12 -srcalias automation -destalias automation) we receive the error:
keytool error: parseAlgParameters failed: ObjectiveIdentifier() -- data isn't an object ID (tag = 48)


Release : 4.3

Component : ITPAM Domain Orchestrator


It appears that older versions of java/keytool are not compatible with converting PKCS12 certificates into JKS files. 


Install the keytool available from Oracle JRE 1.8.311. 

Additional Information

We tried downloading/extracting OpenJDK8U-jdk_x64_windows_hotspot_8u312b07. But when running the command it gave the following error:
keytool error: keystore password was incorrect
java.IO.IOException: keystore password was incorrect
    at ....
Caused by: failed to decrypt safe contents entry: java.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.