We are using the steps for securing our development ITPAM environment documented here: Configure JBoss Web Server for Custom SSL Certificates that Prohibit JAR Signing
While performing step 5 (keytool -importkeystore -srckeystore automation.p12 -destkeystore automation.jks -srcstoretype pkcs12 -srcalias automation -destalias automation) we receive the error:
keytool error: java.io.IOException: parseAlgParameters failed: ObjectiveIdentifier() -- data isn't an object ID (tag = 48)
Release : 4.3
Component : ITPAM Domain Orchestrator
It appears that older versions of java/keytool are not compatible with converting PKCS12 certificates into JKS files.
Install the keytool available from Oracle JRE 1.8.311.
We tried downloading/extracting OpenJDK8U-jdk_x64_windows_hotspot_8u312b07. But when running the command it gave the following error:
keytool error: java.io.IOException: keystore password was incorrect
java.IO.IOException: keystore password was incorrect
at ....
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: java.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.