keytool import error - No password supplied for PKCS#12 KeyStore.
search cancel

keytool import error - No password supplied for PKCS#12 KeyStore.

book

Article ID: 434058

calendar_today

Updated On:

Products

Autosys Workload Automation

Issue/Introduction

While trying to import a certificate into an existing BCFKS keystore using keytool, the following error is seen:
 
# $AUTOSYS_INSTALL_LOCATION/JRE_WA/bin/keytool -importcert -trustcacerts -file example.crt -alias subca2a -keystore $AUTOUSER/webserver/conf/.keystore -storepass #### -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath $AUTOSYS/lib/bc-fips.jar -storetype BCFKS
 
keytool error: java.lang.NullPointerException: No password supplied for PKCS#12 KeyStore.
 

Resolution

Root Cause: The keytool command in recent AutoSys versions (v24.1.x) has a known issue importing certificates directly into keystores of type BCFKS. It incorrectly defaults to PKCS#12 logic and fails to process the Bouncy Castle provider passwords properly when getting an error while trying to import a certificate using keytool.

  1. Convert Keystore to PKCS12: Use keytool to migrate the existing .keystore from BCFKS to PKCS12 format.

  2. Import Certificate: Run the import command against the temporary PKCS12 keystore.

  3. Convert Back to BCFKS: Migrate the updated keystore back to the original BCFKS format using the Bouncy Castle FIPS provider.

  4. Verify Contents: Use the keytool -list command with the -storetype BCFKS parameter to ensure the new certificate entry exists.

  5. Restore Keystore: Replace the active .keystore file with the newly converted BCFKS version and restart AutoSys services.

Additional options include trying to import the certificate using KeyStore Explorer or starting the keystore and certificate process over again from scratch.

Configuring a vendor issued or custom SSL certificate for WebUI/WCC, Autosys Web Server (AEWS), CA Directory (dxserver) and EEM (iGateway)

 

Powered by Wolken Software