Question and Answer

An "Invalid keystore format" error

Error identified by:

  1. Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
  2. Invalid keystore format

These errors appear when you use any .p12 file from our pack.

Due to the Java security update (check the link), if you are using JDK 8u301 or JDK 11.0.2 or older, Java may face some issues when handling RSA private keys. Here is a simple fix which may help you deal with this problem:

  1. (Optional) Check whether your Java-related tools have the issue:
     keytool -list -keystore your_vasp_certificate.p12 -storetype pkcs12 -storepass [your_secret_key]
  2. Extract the private key from the legacy .p12:
     openssl pkcs12 -in your_vasp_certificate.p12 -nocerts -out extract_your_vasp_certificate.key -passin pass:[your_secret] -passout pass:[your_secret]
  3. Extract the certificate from the legacy .p12:
     openssl pkcs12 -in your_vasp_certificate.p12 -clcerts -nokeys -out extract_your_vasp_certificate.crt -passin pass:[your_secret]
  4. Export the key and certificate to a new PKCS#12 file:
     openssl pkcs12 -inkey extract_your_vasp_certificate.key -in extract_your_vasp_certificate.crt -export -out new_your_vasp_certificate.p12 -passin pass:[your_secret] -passout pass:[your_secret]
  5. (Optional) Validate that the new .p12 works in your Java-related environment:
     keytool -list -v -storetype pkcs12 -keystore new_your_vasp_certificate.p12 -storepass [your_secret]
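
Steps 2 to 4 above can be wrapped in one shell function that keeps the extracted private key in an owner-only temporary directory, deletes it afterwards, and confirms that the rebuilt keystore holds the same certificate as the original. This is an added example, not part of the original page; the function names `cert_fp` and `rebuild_p12` and the `P12_PASS` environment variable are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original page: steps 2-4 as one function.
# Assumption: the keystore password is exported as P12_PASS; openssl reads it
# via "env:", so it does not appear on the openssl command line.

# cert_fp (hypothetical helper): SHA-256 fingerprint of the client certificate.
cert_fp() {
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:P12_PASS 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# rebuild_p12 SRC.p12 DST.p12 [extra options for "openssl pkcs12 -export"]
# (OpenSSL 3.x has -legacy there to select the older PKCS#12 algorithms.)
rebuild_p12() {
    [ $# -ge 2 ] || { echo "usage: rebuild_p12 SRC DST [export options]" >&2; return 2; }
    src=$1; dst=$2; shift 2
    [ -n "${P12_PASS:-}" ] || { echo "P12_PASS is not set" >&2; return 2; }

    # Fingerprint of the original certificate; empty means unreadable file
    # or wrong password.
    old_fp=$(cert_fp "$src")
    [ -n "$old_fp" ] || { echo "cannot read $src with this password" >&2; return 1; }

    tmp=$(mktemp -d) || return 1
    (
        umask 077   # extracted key and new keystore are created owner-only
        openssl pkcs12 -in "$src" -nocerts -out "$tmp/key.pem" \
            -passin env:P12_PASS -passout env:P12_PASS &&
        openssl pkcs12 -in "$src" -clcerts -nokeys -out "$tmp/crt.pem" \
            -passin env:P12_PASS &&
        openssl pkcs12 -export -inkey "$tmp/key.pem" -in "$tmp/crt.pem" \
            -out "$dst" -passin env:P12_PASS -passout env:P12_PASS "$@"
    )
    rc=$?
    rm -rf "$tmp"   # never leave the extracted private key behind
    [ "$rc" -eq 0 ] || { echo "openssl failed while rebuilding $src" >&2; return 1; }

    # The rebuilt keystore must carry the same certificate as the original.
    [ "$(cert_fp "$dst")" = "$old_fp" ] ||
        { echo "certificate mismatch in $dst" >&2; return 1; }
}
```

Export `P12_PASS`, call `rebuild_p12 your_vasp_certificate.p12 new_your_vasp_certificate.p12`, then run the optional `keytool` validation from step 5 on the new file.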

Reference:

Convert .JKS to .P12

You can convert .jks to .p12 if your program requires the use of .p12 format.

keytool -importkeystore -srckeystore client-truststore.jks -destkeystore new-client-truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -deststorepass [GTR Public Secret] -srcstorepass [GTR Public Secret]
Copyright (C) 2024 Global Travel Rule. All Rights Reserved