问题
keytool is reporting Keystore type as JKS. Expected it to be PKCS12.
$ $(dirname $(readlink -f $(which keytool)))/java -version
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
$ keytool -genkey -storetype PKCS12 -keystore foo.p12 -dname "CN=foo" -storepass password -keypass password
$ keytool -list -keystore foo.p12 -storepass password
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
mykey, 18/10/2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): FD:2A:C7:EE:B4:D8:41:91:71:25:C2:3F:8D:89:11:6F:F8:D6:F3:73
Is this the correct way to create a pkcs12 keystore?
回答1:
Cannot reproduce:
C:\Temp>keytool -genkey -storetype PKCS12 -keystore foo.p12 -dname "CN=foo" -storepass password -keypass password
C:\Temp>keytool -list -keystore foo.p12 -storepass password
keytool error: java.io.IOException: Invalid keystore format
C:\Temp>java -version
java version "1.8.0_40"
Java(TM) SE Runtime Environment (build 1.8.0_40-b26)
Java HotSpot(TM) Client VM (build 25.40-b25, mixed mode, sharing)
C:\Temp>keytool -list -keystore foo.p12 -storepass password -storetype PKCS12
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 1 entry
mykey, 18/10/2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): 3F:C2:78:0D:E5:8D:11:68:2E:EB:31:D3:65:53:69:9F:
87:65:63:3A
Is this the correct way to create a pkcs12 keystore?
Yes, but it's not the correct way to list it. You need -storetype PKCS12 as per my last example above.
来源:https://stackoverflow.com/questions/46801023/keytool-reports-a-pkcs12-keystore-as-jks