Does Access Gateway support PKCS12 key store type?


Article ID: 239332


Products

SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

Does Access Gateway support the PKCS12 key store type, which is the default with JDK 11?

Environment

Release : 12.8.06

Component : SITEMINDER SECURE PROXY SERVER; Access Gateway

Cause

Keytool defaults to creating a JKS-format key store, so the -storetype option must be used when creating a Tomcat key store to enable SSL on Access Gateway 12.8.6.

Resolution

Access Gateway 12.8.06 supports JDK 11, but the default PKCS12 key store format (JKS format) is not supported with this version of Access Gateway. To enable SSL on Tomcat for Access Gateway 12.8.6, you need a JCEKS key store. Run the following command to create one:

keytool -genkeypair -keysize numbits -keyalg RSA -alias tomcat -storetype JCEKS -keystore tomcat.keystore
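
To confirm which format an existing key store file actually uses before pointing Tomcat at it, the following added example (not part of the original article) reads the file's leading magic bytes: 0xFEEDFEED for JKS, 0xCECECECE for JCEKS, and an ASN.1 SEQUENCE byte 0x30 for PKCS12. The function names are illustrative, and the PKCS12 match is a heuristic on the first byte only.

```shell
#!/bin/sh
# Added example: classify a Java key store by its leading magic bytes.
# Function names are illustrative and not part of any product tooling.

# Print JKS, JCEKS, PKCS12, unknown or unreadable for the given file.
keystore_type() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }
    # First four bytes as lowercase hex, with spaces and newlines stripped.
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    case "$magic" in
        feedfeed) echo "JKS" ;;      # JKS magic number
        cececece) echo "JCEKS" ;;    # JCEKS magic number
        30*)      echo "PKCS12" ;;   # DER/BER SEQUENCE tag (heuristic)
        *)        echo "unknown" ;;  # empty, truncated or some other format
    esac
}

# Return 0 only if the file looks like a JCEKS key store; otherwise
# report the detected type on stderr and return 1.
require_jceks() {
    t=$(keystore_type "$1")
    if [ "$t" = "JCEKS" ]; then
        return 0
    fi
    echo "$1: detected $t, expected JCEKS" >&2
    return 1
}

# When invoked with a path, check that file and exit non-zero on mismatch.
if [ "$#" -gt 0 ]; then
    require_jceks "$1" || exit 1
fi
```

Saved under a name of your choice and run with tomcat.keystore as its argument, the script exits non-zero if the file was created without -storetype JCEKS.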

Additional Information

Here is the documentation link for enabling SSL on Tomcat for the Access Gateway:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/access-gateway-configuration/configuring-ssl-for-access-gateway/configuring-ssl-on-tomcat-application-server-manually.html