On 11/13/2017 2:20 PM, Florian Bruckner (3kraft) wrote:
> Hi,
> have just stumbled upon a quite strange behavior in an SSL connection
> with a client certificate.

Looks like your private key is BER encoded. I think this is supposed to
be fine, but the code is being a bit too strict and rejecting it. There
was a change around 8u121 that added some more DER enforcement. Can you
try converting everything to DER to see if that clears up the problem?
You can do this with openssl e.g.:

    openssl pkcs12 -in pkcs12-file -out key-and-cert -nodes -passin pass:abcXYZ
    openssl pkcs12 -in key-and-cert -export -out new-pkcs12-file -passout pass:abcXYZ

The JKS exception doesn't really provide a lot of information. It would
be helpful if you could import the DER-formatted PKCS#12 file back into
JKS and let me know if that works.
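
To illustrate the BER/DER distinction the reply above turns on, here is an added example (not part of the original message or of the JDK): a small Python checker that reports the encodings BER permits and DER forbids, namely indefinite lengths, non-minimal length fields, and constructed BIT/OCTET STRINGs. The function names and sample bytes are constructed for this example; which of these the JDK check actually rejects is not stated in the thread.

```python
import sys

def _parse(data, pos, issues):
    """Parse one TLV at pos, record BER-only encodings, return its end offset."""
    start, tag, pos = pos, data[pos], pos + 1
    if tag & 0x1F == 0x1F:                 # high-tag-number form: skip extra tag bytes
        while data[pos] & 0x80:
            pos += 1
        pos += 1
    if tag in (0x23, 0x24):                # DER wants these in primitive form
        issues.append((start, "constructed BIT/OCTET STRING"))
    first, pos = data[pos], pos + 1
    if first == 0x80:                      # indefinite length: children until 00 00
        issues.append((start, "indefinite length"))
        while data[pos:pos + 2] != b"\x00\x00":
            pos = _parse(data, pos, issues)
        return pos + 2
    length = first
    if first > 0x80:                       # long form: next n bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        if length < 0x80 or data[pos] == 0:
            issues.append((start, "non-minimal length"))
        pos += n
    end = pos + length
    if end > len(data):
        raise ValueError(f"element at offset {start} runs past end of input")
    if tag & 0x20:                         # constructed: descend into children
        while pos < end:
            pos = _parse(data, pos, issues)
    return end

def find_ber_violations(data):
    """Return [(offset, reason), ...]; an empty list means no BER-only encoding seen."""
    issues, pos = [], 0
    try:
        while pos < len(data):
            pos = _parse(data, pos, issues)
    except IndexError:
        raise ValueError("truncated ASN.1 input") from None
    return issues

# Constructed samples: SEQUENCE { OCTET STRING "hi" } encoded as DER and as BER.
DER_SAMPLE = bytes.fromhex("3004 0402 6869")
BER_SAMPLE = bytes.fromhex("3080 2480 0402 6869 0000 0000")

if __name__ == "__main__":                 # usage: python3 script.py file.p12
    with open(sys.argv[1], "rb") as fh:
        for offset, reason in find_ber_violations(fh.read()):
            print(f"offset {offset}: {reason}")
```

The checker only walks the cleartext structure, so anything inside a primitive OCTET STRING or an encrypted bag of a PKCS#12 file is not inspected.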