The issue occurs when using a Tomcat or WildFly application server running Java 11 with a truststore of type PKCS12. If the truststore is generated with the latest Java (for example Java 17, Java 1.8u301+ or Java 11.0.12+), users will get the error "Could not load keystore: keystore password was incorrect".

The error described above occurs when someone tries to upload a truststore of type PKCS12 that uses the "upgraded" algorithms. (See the: Security Baselines for JDK 11 and )

➜ Customizing PKCS12 keystore Generation

New system and security properties have been added to enable users to customize the generation of PKCS #12 keystores. This includes algorithms and parameters for key protection, certificate protection, and MacData. The detailed explanation and possible values for these properties can be found in the "PKCS12 KeyStore properties" section of the java.security file. Also, support for the following SHA-2 based HmacPBE algorithms has been added to the SunJCE provider: HmacPBESHA224, HmacPBESHA256, HmacPBESHA384, HmacPBESHA512, HmacPBESHA512/224, HmacPBESHA512/256

➜ Upgraded the Default PKCS12 Encryption and MAC Algorithms

The default encryption and MAC algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with keystore.pkcs12 in the java.security file for detailed information. For compatibility, a new system property named is defined that will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.

The workaround is to regenerate the P12 keystore/truststore with the property as described in ( ), or to generate the P12 keystore with Java versions before 1.8u301 or Java 11.0.12.

Re-generate the PKCS12 truststore with "legacy algorithms" (which were the default algorithms used when generating PKCS12 for Java 8 until version 1.8.0u301 and Java 11 until version 11.0.12). There are multiple ways to convert the truststore, but probably the easiest way is to use keytool, for example:

And then the upload of the truststore will succeed.
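To tell which of the two cases a truststore falls into before uploading it, the digest named in the file's MacData can be read without the password. The following is an added example, not code from the original page; it assumes a DER-encoded file as keytool writes it, and the two `SAMPLE_` byte strings are constructed skeletons, not real keystores.

```python
MAC_DIGESTS = {"1.3.14.3.2.26": "SHA-1 (legacy default)",
               "2.16.840.1.101.3.4.2.1": "SHA-256 (upgraded default)"}

def read_tlv(buf, pos):                      # -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite-length BER is not handled")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(value):                         # yield (tag, value) of each child
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(body):
    top = min(body[0] // 40, 2)              # first byte packs the first two arcs
    arcs, acc = [top, body[0] - 40 * top], 0
    for b in body[1:]:                       # base-128 digits, high bit = more
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def mac_digest(p12):                         # digest label, or None if no MAC
    tag, pfx, _ = read_tlv(p12, 0)
    fields = list(children(pfx))             # version, authSafe, [macData]
    if tag != 0x30 or len(fields) < 2:
        raise ValueError("not a PFX structure")
    if len(fields) < 3:
        return None
    digest_info = next(children(fields[2][1]))[1]   # MacData.mac
    alg_id = next(children(digest_info))[1]         # DigestInfo.digestAlgorithm
    oid = decode_oid(next(children(alg_id))[1])
    return MAC_DIGESTS.get(oid, "other (" + oid + ")")

# Constructed samples: version 3, empty authSafe, zeroed MAC value and salt.
HEAD = "020103301106092a864886f70d010701a00404023000"
TAIL = "0408" + "00" * 8 + "02022710"        # macSalt, iterations = 10000
SAMPLE_LEGACY = bytes.fromhex(
    "3049" + HEAD + "30313021300906052b0e03021a0500" + "0414" + "00" * 20 + TAIL)
SAMPLE_UPGRADED = bytes.fromhex(
    "3059" + HEAD + "30413031300d06096086480165030402010500" + "0420" + "00" * 32 + TAIL)
```

On a real file, call `mac_digest(open("truststore.p12", "rb").read())`, where the file name is a placeholder. A result of SHA-256 marks the upgraded kind described above; regenerating the file with the legacy algorithms, for instance with `keytool -importkeystore` plus `-J-Dkeystore.pkcs12.legacy` (the JDK's compatibility system property), should make the same check report SHA-1.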