I'm installing an application which requires Java (two supported versions - I've chosen the latest) and a cert signed by our internal CA. When I try to import the key/cert into a Java keystore, I get a password error:

    keytool error: java.io.IOException: keystore password was incorrect

Steps

I installed openssl:

    openssl version
    OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

I created a private key and a config file and used them to generate a CSR:

    openssl genrsa -out .\server.key 2048
    openssl req -new -key .\server.key -config .\server.cnf -out .\server.csr

I received the cert and merged the key and cert using a known password:

    openssl pkcs12 -export -in '.\server.cer' -inkey .\server.key -out .\server.merged.pfx
    Enter Export Password:
    Verifying - Enter Export Password:

I installed a version of Java supported by the application:

    java --version
    OpenJDK Runtime Environment 18.9 (build 11.0.2+9)
    OpenJDK 64-Bit Server VM 18.9 (build 11.0.2+9, mixed mode)

I attempt to create a new keystore and import the merged PFX file using the known password from the previous step:

    keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore .\temporary.keystore -srckeystore .\server.merged.pfx -srcstoretype PKCS12
    Importing keystore .\server.merged.pfx to .\temporary.keystore...
    Enter source keystore password:
    keytool error: java.io.IOException: keystore password was incorrect

The password was correct. It was alphanumeric, both cases, no special characters, 30 characters long.
I'm sure I've done this before, some time ago, and it's worked.
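
A check a practitioner might run on the PFX from the steps above, as an added example that is not part of the original post: OpenSSL 3.x protects PKCS#12 exports with PBES2/AES-256-CBC and a SHA-256 MAC by default, which older JDK builds cannot read, and keytool reports that as an incorrect password. The function name and the sample lines are constructed for illustration, and that this is the cause in the poster's case is an assumption.

```powershell
# Added example (not from the original post). Classifies the algorithm summary
# printed by `openssl pkcs12 -info -noout`. To feed it real output (2>&1 captures
# the summary whichever stream it is written to):
#   $lines = openssl pkcs12 -info -noout -in .\server.merged.pfx 2>&1 | ForEach-Object { "$_" }
function Get-Pkcs12AlgorithmReport {          # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$InfoLines)

    foreach ($line in $InfoLines) {
        # e.g. "MAC: sha256, Iteration 2048" (the "MAC length:" line is not matched)
        if ($line -match '^MAC:\s*(?<alg>[^,\s]+)') {
            $part   = 'MAC'
            $legacy = $Matches['alg'] -eq 'sha1'
        }
        # e.g. "Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256"
        elseif ($line -match '^(?<part>PKCS7 Encrypted data|Shrouded Keybag):\s*(?<alg>[^,\s]+)') {
            $part   = $Matches['part']
            $legacy = $Matches['alg'] -like 'pbeWithSHA1*'
        }
        else { continue }

        [pscustomobject]@{
            Part      = $part
            Algorithm = $Matches['alg']
            Legacy    = $legacy   # $true: SHA-1 based scheme that older keytool builds read
        }
    }
}

# Constructed sample of the summary for a PFX exported with OpenSSL 3.x defaults.
$sample = @(
    'MAC: sha256, Iteration 2048'
    'MAC length: 32, salt length: 8'
    'PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'
    'Certificate bag'
    'PKCS7 Data'
    'Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'
)

$report = Get-Pkcs12AlgorithmReport -InfoLines $sample
$report | Format-Table -AutoSize

if ($report | Where-Object { -not $_.Legacy }) {
    Write-Warning 'PFX uses PBES2 and/or a SHA-2 MAC; an older keytool may reject it as a wrong password.'
}
```

If any row shows `Legacy = False`, adding `-certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -macalg sha1` to the `openssl pkcs12 -export` command, or importing with a newer JDK build, avoids the mismatch. Treat a SHA-1/3DES PFX as a short-lived intermediate and delete it once the import has succeeded.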