as2_certs.p12: PKCS#12 vs JKS #119
Comments
This is my output:
config>keytool -list -keystore as2_certs.p12
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 2 entries
openas2a, 27 Jul 2015, PrivateKeyEntry,
Certificate fingerprint (SHA-256):
E4:3D:7D:1B:F2:E5:37:B9:B6:F2:A0:7E:AF:A6:70:C0:4E:2F:CF:EA:B4:AF:CC:91:67:EA:34:11:F2:CB:B1:E6
openas2b, 27 Jul 2015, PrivateKeyEntry,
Certificate fingerprint (SHA-256):
28:02:11:CD:56:A7:24:A9:9E:C2:71:D4:4F:A7:37:EA:5A:D3:62:01:65:12:4A:D0:D7:F7:3D:C3:B7:2F:17:86
Warning:
<openas2a> uses the MD5withRSA signature algorithm which is considered a
security risk.
This is my Java version:
config>java -version
java version "10.0.2" 2018-07-17
Java(TM) SE Runtime Environment 18.3 (build 10.0.2+13)
Java HotSpot(TM) 64-Bit Server VM 18.3 (build 10.0.2+13, mixed mode)
So not sure why you are getting the type as JKS.
Maybe try Portecle (http://portecle.sourceforge.net/) to cross check the
keystore type
On Wed, Sep 12, 2018 at 12:13 PM Jan Šmucr ***@***.***> wrote:
I'm struggling with sudden certificate issues and I've come across a thing
I don't understand.
The as2_certs.p12 keystore - according to the extension and also to what
the documentation claims - is meant to be in the PKCS#12 format. But it's
not.
keytool -list -keystore as2_certs.p12
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
openas2a, 27.7.2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 2D:4B:42:05:56:80:9B:5D:0E:63:4D:4A:23:3D:9A:39:C3:8D:51:21
openas2b, 27.7.2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 1E:16:65:9B:7A:F2:59:EA:B7:B7:4F:E5:EB:D3:CF:89:3A:0F:89:CA
Warning:
<openas2a> uses the MD5withRSA signature algorithm which is considered a security risk.
All my attempts to convert it to the PKCS#12 format end up losing all
trusted certificates which renders the keystore useless.
|
Also look at this post which may be the issues you are facing: #98 |
I see your output shows a SHA-1 certificate - I started using SHA-256 certificates a while back so that must be an old keystore |
Somewhat old... It's the default keystore from OpenAS2 2.5.0. Didn't have the chance to check out the 2.6.x yet. |
Ok, tried it again with Java 10 and it shows PKCS12 instead of JKS. The bug is on the Java side then. Also Keystore Explorer has no issue with trusted certificates within the keystore. Only Portecle does. Since this does not seem to be the reason for my issues, I am closing the issue. |
I'm struggling with sudden certificate issues and I've come across a thing I don't understand.
The as2_certs.p12 keystore - according to the extension and also to what the documentation claims - is meant to be in the PKCS#12 format. But it's not.
All my attempts to convert it to the PKCS#12 format end up losing all trusted certificates which renders the keystore useless.
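Added example, not part of the thread or of OpenAS2: since the two keytool runs above disagree on the type of the same file, this sketch checks the on-disk container format directly from the leading bytes instead of relying on the reported "Keystore type". It relies on the JKS magic `0xFEEDFEED`, the JCEKS magic `0xCECECECE`, and the fact that a PKCS#12 file is an ASN.1 SEQUENCE whose first element is the INTEGER version 3; the function names and sample bytes are constructed for illustration.

```python
import struct

JKS_MAGIC = 0xFEEDFEED    # first four bytes of a Sun JKS keystore
JCEKS_MAGIC = 0xCECECECE  # first four bytes of a JCEKS keystore


def _skip_asn1_length(buf: bytes, pos: int):
    """Return the index just past the ASN.1 length octets at pos, or None."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first < 0x80:            # short form: one length octet
        return pos + 1
    n = first & 0x7F            # long form: n length octets; 0 = BER indefinite
    if n > 4 or pos + 1 + n > len(buf):
        return None
    return pos + 1 + n


def sniff_keystore_type(head: bytes) -> str:
    """Classify a keystore from its leading bytes: JKS, JCEKS, PKCS12 or unknown."""
    if len(head) >= 4:
        magic = struct.unpack(">I", head[:4])[0]
        if magic == JKS_MAGIC:
            return "JKS"
        if magic == JCEKS_MAGIC:
            return "JCEKS"
    # PKCS#12 PFX: SEQUENCE (0x30), length, then INTEGER 3 (02 01 03)
    if head[:1] == b"\x30":
        body = _skip_asn1_length(head, 1)
        if body is not None and head[body:body + 3] == b"\x02\x01\x03":
            return "PKCS12"
    return "unknown"


def sniff_keystore_file(path: str) -> str:
    """Read only the header of the file at path and classify it."""
    with open(path, "rb") as fh:
        return sniff_keystore_type(fh.read(16))


if __name__ == "__main__":
    # Constructed sample headers, not bytes taken from as2_certs.p12.
    samples = {
        "JKS header (version 2, 2 entries)": bytes.fromhex("feedfeed0000000200000002"),
        "PKCS#12, DER definite length": bytes.fromhex("30820a00020103308209"),
        "PKCS#12, BER indefinite length": bytes.fromhex("3080020103"),
        "PEM text": b"-----BEGIN CERTIFICATE-----",
    }
    for label, data in samples.items():
        print(f"{label}: {sniff_keystore_type(data)}")
```

To check a real file, call `sniff_keystore_file("as2_certs.p12")` from the config directory.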