Nihii
Commodore
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2019-02-14
14:33
477 views
Fail to Import Engine SSL CertificateDNS_Serve.ks
Hello,
As suggested from MicroFocus support for importing SSL CertificateDNS_server.ks in IDM Apps 4.7.2 upgrade, we are trying to import SSL CertificateDNS_server.ks on tomcat server from IDM engine using following script
/opt/netiqhttps://www.novell.com/common/jre/bin/keytool -genkey -keyalg RSA -keysize 2048 -keystore /tmp/tomcat.ks -storepass $1 -keypass $1 -alias idm -validity 7300 -dname "cn=delete"
/opt/netiqhttps://www.novell.com/common/jre/bin/keytool -delete -alias idm -keysize 2048 -keystore /tmp/tomcat.ks -storepass $1 -keypass $1
echo "/opt/netiqhttps://www.novell.com/common/jre/bin/java -cp ${2}https://www.novell.com/common/lib/dirxml_misc.jar:${2}https://www.novell.com/common/lib/ldap.jar:${2}https://www.novell.com/common/lib/xp.jar:${2}https://www.novell.com/common/lib/nxsl.jar:${2}https://www.novell.com/common/lib/jclient.jar com.novell.nds.dirxml.util.DxCommand -v -accept 1 -host ${3} -port ${4} -user "${5}" -password ${6} -exportcerts "SSL CertificateDNS" server java /tmp"
/opt/netiqhttps://www.novell.com/common/jre/bin/java -cp /mnt/idm47https://www.novell.com/common/lib/dirxml_misc.jar:/mnt/idm47https://www.novell.com/common/lib/ldap.jar:/mnt/idm47https://www.novell.com/common/lib/xp.jar:/mnt/idm47https://www.novell.com/common/lib/nxsl.jar:/mnt/idm47https://www.novell.com/common/lib/jclient.jar com.novell.nds.dirxml.util.DxCommand -v -accept 1 -host 10.182.71.23 -port 636 -user "cn=admin,o=jnet" -password novell -exportcerts "SSL CertificateDNS" server java /tmp
/opt/netiqhttps://www.novell.com/common/jre/bin/keytool -importkeystore -srckeystore "/tmp/SSL CertificateDNS_server.ks" -destkeystore /tmp/tomcat.ks -srcstorepass dirxml -deststorepass novell -srcalias "SSL CertificateDNS" -srckeypass dirxml -destkeypass novell -deststoretype JKS -noprompt
/opt/netiqhttps://www.novell.com/common/jre/bin/keytool -importkeystore -srckeystore "/tmp/SSL CertificateDNS_server.ks" -destkeystore "/tmp/tomcat.ks" -srcstorepass dirxml -deststorepass novell -srcalias "trustedcert" -destalias "trustedcert" -srckeypass dirxml -deststoretype JKS -noprompt
rm "/tmp/SSL CertificateDNS_server.ks"
But when we execute the script we had following error:
./generate_keystore.sh novell /mnt/idm47/ xx.xx.xx.xx 636 "cn=admin,o=xx" novell
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /tmp/tomcat.ks -destkeystore /tmp/tomcat.ks -deststoretype pkcs12".
/opt/netiqhttps://www.novell.com/common/jre/bin/java -cp /mnt/idm47/https://www.novell.com/common/lib/dirxml_misc.jar:/mnt/idm47/https://www.novell.com/common/lib/ldap.jar:/mnt/idm47/https://www.novell.com/common/lib/xp.jar:/mnt/idm47/https://www.novell.com/common/lib/nxsl.jar:/mnt/idm47/https://www.novell.com/common/lib/jclient.jar com.novell.nds.dirxml.util.DxCommand -v -accept 1 -host xx.xx.xx.xx -port 636 -user cn=admin,o=xx -password novell -exportcerts SSL CertificateDNS server java /tmp
NetIQ Identity Manager Command Line Utility
version 4.7.0.0
Copyright (c) 2017 NetIQ Corporation. All Rights Reserved
Logging in using:
host: /xx.xx.xx.xx:636
user: cn=admin,o=jnet
Using LDAP protocol with SSL
DirXML version is 4.7.2.0 AE.
Driver set CN=xxx,OU=services,O=xx is associated with the server.
Importing keystore /tmp/SSL CertificateDNS_server.ks to /tmp/tomcat.ks...
keytool error: java.io.FileNotFoundException: /tmp/SSL CertificateDNS_server.ks (No such file or directory)
Importing keystore /tmp/SSL CertificateDNS_server.ks to /tmp/tomcat.ks...
keytool error: java.io.FileNotFoundException: /tmp/SSL CertificateDNS_server.ks (No such file or directory)
It looks like SSL CertificateDNS_server.ks was not exported to /tmp.... Any suggestions on this issue.
As suggested from MicroFocus support for importing SSL CertificateDNS_server.ks in IDM Apps 4.7.2 upgrade, we are trying to import SSL CertificateDNS_server.ks on tomcat server from IDM engine using following script
/opt/netiqhttps://www.novell.com/common/jre/bin/keytool -genkey -keyalg RSA -keysize 2048 -keystore /tmp/tomcat.ks -storepass $1 -keypass $1 -alias idm -validity 7300 -dname "cn=delete"
/opt/netiqhttps://www.novell.com/common/jre/bin/keytool -delete -alias idm -keysize 2048 -keystore /tmp/tomcat.ks -storepass $1 -keypass $1
echo "/opt/netiqhttps://www.novell.com/common/jre/bin/java -cp ${2}https://www.novell.com/common/lib/dirxml_misc.jar:${2}https://www.novell.com/common/lib/ldap.jar:${2}https://www.novell.com/common/lib/xp.jar:${2}https://www.novell.com/common/lib/nxsl.jar:${2}https://www.novell.com/common/lib/jclient.jar com.novell.nds.dirxml.util.DxCommand -v -accept 1 -host ${3} -port ${4} -user "${5}" -password ${6} -exportcerts "SSL CertificateDNS" server java /tmp"
/opt/netiqhttps://www.novell.com/common/jre/bin/java -cp /mnt/idm47https://www.novell.com/common/lib/dirxml_misc.jar:/mnt/idm47https://www.novell.com/common/lib/ldap.jar:/mnt/idm47https://www.novell.com/common/lib/xp.jar:/mnt/idm47https://www.novell.com/common/lib/nxsl.jar:/mnt/idm47https://www.novell.com/common/lib/jclient.jar com.novell.nds.dirxml.util.DxCommand -v -accept 1 -host 10.182.71.23 -port 636 -user "cn=admin,o=jnet" -password novell -exportcerts "SSL CertificateDNS" server java /tmp
/opt/netiqhttps://www.novell.com/common/jre/bin/keytool -importkeystore -srckeystore "/tmp/SSL CertificateDNS_server.ks" -destkeystore /tmp/tomcat.ks -srcstorepass dirxml -deststorepass novell -srcalias "SSL CertificateDNS" -srckeypass dirxml -destkeypass novell -deststoretype JKS -noprompt
/opt/netiqhttps://www.novell.com/common/jre/bin/keytool -importkeystore -srckeystore "/tmp/SSL CertificateDNS_server.ks" -destkeystore "/tmp/tomcat.ks" -srcstorepass dirxml -deststorepass novell -srcalias "trustedcert" -destalias "trustedcert" -srckeypass dirxml -deststoretype JKS -noprompt
rm "/tmp/SSL CertificateDNS_server.ks"
But when we execute the script we had following error:
./generate_keystore.sh novell /mnt/idm47/ xx.xx.xx.xx 636 "cn=admin,o=xx" novell
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /tmp/tomcat.ks -destkeystore /tmp/tomcat.ks -deststoretype pkcs12".
/opt/netiqhttps://www.novell.com/common/jre/bin/java -cp /mnt/idm47/https://www.novell.com/common/lib/dirxml_misc.jar:/mnt/idm47/https://www.novell.com/common/lib/ldap.jar:/mnt/idm47/https://www.novell.com/common/lib/xp.jar:/mnt/idm47/https://www.novell.com/common/lib/nxsl.jar:/mnt/idm47/https://www.novell.com/common/lib/jclient.jar com.novell.nds.dirxml.util.DxCommand -v -accept 1 -host xx.xx.xx.xx -port 636 -user cn=admin,o=xx -password novell -exportcerts SSL CertificateDNS server java /tmp
NetIQ Identity Manager Command Line Utility
version 4.7.0.0
Copyright (c) 2017 NetIQ Corporation. All Rights Reserved
Logging in using:
host: /xx.xx.xx.xx:636
user: cn=admin,o=jnet
Using LDAP protocol with SSL
DirXML version is 4.7.2.0 AE.
Driver set CN=xxx,OU=services,O=xx is associated with the server.
Importing keystore /tmp/SSL CertificateDNS_server.ks to /tmp/tomcat.ks...
keytool error: java.io.FileNotFoundException: /tmp/SSL CertificateDNS_server.ks (No such file or directory)
Importing keystore /tmp/SSL CertificateDNS_server.ks to /tmp/tomcat.ks...
keytool error: java.io.FileNotFoundException: /tmp/SSL CertificateDNS_server.ks (No such file or directory)
It looks like SSL CertificateDNS_server.ks was not exported to /tmp.... Any suggestions on this issue.
5 Replies
aburgemeister
Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2019-02-14
14:58
If you are working with Micro Focus support, I would probably recommend
asking them, as presumably they wrote this and understand why they did
what they did. For such a simple script, this is pretty ugly. From which
version are you upgrading to 4.7 SP2?
On 02/14/2019 07:34 AM, ngujjula wrote:
> /tmp/SSL CertificateDNS_server.ks
Does that file exist on your system? What is supposed to create it? Why
in the world would they have a space in the filename?
Anyway, I'd start with them. If they just typed these up and hoped they
would work I think they should try again.
--
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.
If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
asking them, as presumably they wrote this and understand why they did
what they did. For such a simple script, this is pretty ugly. From which
version are you upgrading to 4.7 SP2?
On 02/14/2019 07:34 AM, ngujjula wrote:
> /tmp/SSL CertificateDNS_server.ks
Does that file exist on your system? What is supposed to create it? Why
in the world would they have a space in the filename?
Anyway, I'd start with them. If they just typed these up and hoped they
would work I think they should try again.
--
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.
If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
dgersic
Knowledge Partner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2019-02-15
14:13
ab;2495332 wrote:
If you are working with Micro Focus support, I would probably recommend
asking them, as presumably they wrote this and understand why they did
what they did. For such a simple script, this is pretty ugly. From which
version are you upgrading to 4.7 SP2?
On 02/14/2019 07:34 AM, ngujjula wrote:
> /tmp/SSL CertificateDNS_server.ks
Does that file exist on your system? What is supposed to create it? Why
in the world would they have a space in the filename?
Anyway, I'd start with them. If they just typed these up and hoped they
would work I think they should try again.
--
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.
If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
If I recall correctly, in the IDM47 "configure.sh" script, they do a bunch of mucking about with certificates, one step of which builds a keystore under /tmp, then moves it somewhere under /opt/netiq. They build the keystore from an import of whatever the server's LDAP server is using, in this case probably "SSL CertificateDNS".
The PKCS12 warning from Oracle is just annoying.
cpedersen
Admiral
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2019-02-15
08:02
On 14.02.19 15:34, ngujjula wrote:
>
> Hello,
>
> As suggested from MicroFocus support for importing SSL
> CertificateDNS_server.ks in IDM Apps 4.7.2 upgrade, we are trying to
> import SSL CertificateDNS_server.ks on tomcat server from IDM engine
> using following script
>
>
> /opt/netiq/common/jre/bin/keytool -genkey -keyalg RSA -keysize 2048
> -keystore /tmp/tomcat.ks -storepass $1 -keypass $1 -alias idm -validity
> 7300 -dname "cn=delete"
>
> /opt/netiq/common/jre/bin/keytool -delete -alias idm -keysize 2048
> -keystore /tmp/tomcat.ks -storepass $1 -keypass $1
>
> echo "/opt/netiq/common/jre/bin/java -cp
> ${2}/common/lib/dirxml_misc.jar:${2}/common/lib/ldap.jar:${2}/common/lib/xp.jar:${2}/common/lib/nxsl.jar:${2}/common/lib/jclient.jar
> com.novell.nds.dirxml.util.DxCommand -v -accept 1 -host ${3} -port ${4}
> -user "${5}" -password ${6} -exportcerts "SSL CertificateDNS" server
> java /tmp"
>
> /opt/netiq/common/jre/bin/java -cp
> /mnt/idm47/common/lib/dirxml_misc.jar:/mnt/idm47/common/lib/ldap.jar:/mnt/idm47/common/lib/xp.jar:/mnt/idm47/common/lib/nxsl.jar:/mnt/idm47/common/lib/jclient.jar
> com.novell.nds.dirxml.util.DxCommand -v -accept 1 -host 10.182.71.23
> -port 636 -user "cn=admin,o=jnet" -password novell -exportcerts "SSL
> CertificateDNS" server java /tmp
>
> /opt/netiq/common/jre/bin/keytool -importkeystore -srckeystore "/tmp/SSL
> CertificateDNS_server.ks" -destkeystore /tmp/tomcat.ks -srcstorepass
> dirxml -deststorepass novell -srcalias "SSL CertificateDNS" -srckeypass
> dirxml -destkeypass novell -deststoretype JKS -noprompt
>
> /opt/netiq/common/jre/bin/keytool -importkeystore -srckeystore "/tmp/SSL
> CertificateDNS_server.ks" -destkeystore "/tmp/tomcat.ks" -srcstorepass
> dirxml -deststorepass novell -srcalias "trustedcert" -destalias
> "trustedcert" -srckeypass dirxml -deststoretype JKS -noprompt
>
> rm "/tmp/SSL CertificateDNS_server.ks"
>
>
> But when we execute the script we had following error:
>
> ./generate_keystore.sh novell /mnt/idm47/ xx.xx.xx.xx 636
> "cn=admin,o=xx" novell
>
> Warning:
> The JKS keystore uses a proprietary format. It is recommended to migrate
> to PKCS12 which is an industry standard format using "keytool
> -importkeystore -srckeystore /tmp/tomcat.ks -destkeystore /tmp/tomcat.ks
> -deststoretype pkcs12".
> /opt/netiq/common/jre/bin/java -cp
> /mnt/idm47//common/lib/dirxml_misc.jar:/mnt/idm47//common/lib/ldap.jar:/mnt/idm47//common/lib/xp.jar:/mnt/idm47//common/lib/nxsl.jar:/mnt/idm47//common/lib/jclient.jar
> com.novell.nds.dirxml.util.DxCommand -v -accept 1 -host xx.xx.xx.xx
> -port 636 -user cn=admin,o=xx -password novell -exportcerts SSL
> CertificateDNS server java /tmp
>
> NetIQ Identity Manager Command Line Utility
> version 4.7.0.0
> Copyright (c) 2017 NetIQ Corporation. All Rights Reserved
>
> Logging in using:
> host: /xx.xx.xx.xx:636
> user: cn=admin,o=jnet
> Using LDAP protocol with SSL
> DirXML version is 4.7.2.0 AE.
> Driver set CN=xxx,OU=services,O=xx is associated with the server.
> Importing keystore /tmp/SSL CertificateDNS_server.ks to
> /tmp/tomcat.ks...
> keytool error: java.io.FileNotFoundException: /tmp/SSL
> CertificateDNS_server.ks (No such file or directory)
> Importing keystore /tmp/SSL CertificateDNS_server.ks to
> /tmp/tomcat.ks...
> keytool error: java.io.FileNotFoundException: /tmp/SSL
> CertificateDNS_server.ks (No such file or directory)
>
>
> It looks like SSL CertificateDNS_server.ks was not exported to /tmp....
> Any suggestions on this issue.
>
>
Intersting, it should only be from Java11 where pkcs12 would be forced
as keystore format.
What version is your java in /opt/netiq/common/jre?
Casper
>
> Hello,
>
> As suggested from MicroFocus support for importing SSL
> CertificateDNS_server.ks in IDM Apps 4.7.2 upgrade, we are trying to
> import SSL CertificateDNS_server.ks on tomcat server from IDM engine
> using following script
>
>
> /opt/netiq/common/jre/bin/keytool -genkey -keyalg RSA -keysize 2048
> -keystore /tmp/tomcat.ks -storepass $1 -keypass $1 -alias idm -validity
> 7300 -dname "cn=delete"
>
> /opt/netiq/common/jre/bin/keytool -delete -alias idm -keysize 2048
> -keystore /tmp/tomcat.ks -storepass $1 -keypass $1
>
> echo "/opt/netiq/common/jre/bin/java -cp
> ${2}/common/lib/dirxml_misc.jar:${2}/common/lib/ldap.jar:${2}/common/lib/xp.jar:${2}/common/lib/nxsl.jar:${2}/common/lib/jclient.jar
> com.novell.nds.dirxml.util.DxCommand -v -accept 1 -host ${3} -port ${4}
> -user "${5}" -password ${6} -exportcerts "SSL CertificateDNS" server
> java /tmp"
>
> /opt/netiq/common/jre/bin/java -cp
> /mnt/idm47/common/lib/dirxml_misc.jar:/mnt/idm47/common/lib/ldap.jar:/mnt/idm47/common/lib/xp.jar:/mnt/idm47/common/lib/nxsl.jar:/mnt/idm47/common/lib/jclient.jar
> com.novell.nds.dirxml.util.DxCommand -v -accept 1 -host 10.182.71.23
> -port 636 -user "cn=admin,o=jnet" -password novell -exportcerts "SSL
> CertificateDNS" server java /tmp
>
> /opt/netiq/common/jre/bin/keytool -importkeystore -srckeystore "/tmp/SSL
> CertificateDNS_server.ks" -destkeystore /tmp/tomcat.ks -srcstorepass
> dirxml -deststorepass novell -srcalias "SSL CertificateDNS" -srckeypass
> dirxml -destkeypass novell -deststoretype JKS -noprompt
>
> /opt/netiq/common/jre/bin/keytool -importkeystore -srckeystore "/tmp/SSL
> CertificateDNS_server.ks" -destkeystore "/tmp/tomcat.ks" -srcstorepass
> dirxml -deststorepass novell -srcalias "trustedcert" -destalias
> "trustedcert" -srckeypass dirxml -deststoretype JKS -noprompt
>
> rm "/tmp/SSL CertificateDNS_server.ks"
>
>
> But when we execute the script we had following error:
>
> ./generate_keystore.sh novell /mnt/idm47/ xx.xx.xx.xx 636
> "cn=admin,o=xx" novell
>
> Warning:
> The JKS keystore uses a proprietary format. It is recommended to migrate
> to PKCS12 which is an industry standard format using "keytool
> -importkeystore -srckeystore /tmp/tomcat.ks -destkeystore /tmp/tomcat.ks
> -deststoretype pkcs12".
> /opt/netiq/common/jre/bin/java -cp
> /mnt/idm47//common/lib/dirxml_misc.jar:/mnt/idm47//common/lib/ldap.jar:/mnt/idm47//common/lib/xp.jar:/mnt/idm47//common/lib/nxsl.jar:/mnt/idm47//common/lib/jclient.jar
> com.novell.nds.dirxml.util.DxCommand -v -accept 1 -host xx.xx.xx.xx
> -port 636 -user cn=admin,o=xx -password novell -exportcerts SSL
> CertificateDNS server java /tmp
>
> NetIQ Identity Manager Command Line Utility
> version 4.7.0.0
> Copyright (c) 2017 NetIQ Corporation. All Rights Reserved
>
> Logging in using:
> host: /xx.xx.xx.xx:636
> user: cn=admin,o=jnet
> Using LDAP protocol with SSL
> DirXML version is 4.7.2.0 AE.
> Driver set CN=xxx,OU=services,O=xx is associated with the server.
> Importing keystore /tmp/SSL CertificateDNS_server.ks to
> /tmp/tomcat.ks...
> keytool error: java.io.FileNotFoundException: /tmp/SSL
> CertificateDNS_server.ks (No such file or directory)
> Importing keystore /tmp/SSL CertificateDNS_server.ks to
> /tmp/tomcat.ks...
> keytool error: java.io.FileNotFoundException: /tmp/SSL
> CertificateDNS_server.ks (No such file or directory)
>
>
> It looks like SSL CertificateDNS_server.ks was not exported to /tmp....
> Any suggestions on this issue.
>
>
Intersting, it should only be from Java11 where pkcs12 would be forced
as keystore format.
What version is your java in /opt/netiq/common/jre?
Casper
klasen
Micro Focus Expert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2019-02-15
10:38
On 2019-02-15 09:02, Casper Pedersen wrote:
>> ./generate_keystore.sh novell /mnt/idm47/ xx.xx.xx.xx 636
>> "cn=admin,o=xx" novell
>>
>> Warning:
>> The JKS keystore uses a proprietary format. It is recommended to migrate
>> to PKCS12 which is an industry standard format using "keytool
>> -importkeystore -srckeystore /tmp/tomcat.ks -destkeystore /tmp/tomcat.ks
>> -deststoretype pkcs12".
> Intersting, it should only be from Java11 where pkcs12 would be forced
> as keystore format.
That warning is present since
https://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html
--
Norbert
>> ./generate_keystore.sh novell /mnt/idm47/ xx.xx.xx.xx 636
>> "cn=admin,o=xx" novell
>>
>> Warning:
>> The JKS keystore uses a proprietary format. It is recommended to migrate
>> to PKCS12 which is an industry standard format using "keytool
>> -importkeystore -srckeystore /tmp/tomcat.ks -destkeystore /tmp/tomcat.ks
>> -deststoretype pkcs12".
> Intersting, it should only be from Java11 where pkcs12 would be forced
> as keystore format.
That warning is present since
https://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html
--
Norbert
--
Norbert
Norbert
cpedersen
Admiral
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2019-02-18
09:20
On 15.02.19 11:38, Norbert Klasen wrote:
> On 2019-02-15 09:02, Casper Pedersen wrote:
>>> ./generate_keystore.sh novell /mnt/idm47/ xx.xx.xx.xx 636
>>> "cn=admin,o=xx" novell
>>>
>>> Warning:
>>> The JKS keystore uses a proprietary format. It is recommended to migrate
>>> to PKCS12 which is an industry standard format using "keytool
>>> -importkeystore -srckeystore /tmp/tomcat.ks -destkeystore /tmp/tomcat.ks
>>> -deststoretype pkcs12".
>
>
>> Intersting, it should only be from Java11 where pkcs12 would be forced
>> as keystore format.
>
> That warning is present since
> https://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html
>
Ahh, as long it's just a warning then one can ignore it.
I was wrong about Java11, it's from Java9 it will default to PKCS12
(https://docs.oracle.com/javase/9/whatsnew/toc.htm#JSNEW-GUID-71A09701-7412-4499-A88D-53FA8BFBD3D0)
Casper
> On 2019-02-15 09:02, Casper Pedersen wrote:
>>> ./generate_keystore.sh novell /mnt/idm47/ xx.xx.xx.xx 636
>>> "cn=admin,o=xx" novell
>>>
>>> Warning:
>>> The JKS keystore uses a proprietary format. It is recommended to migrate
>>> to PKCS12 which is an industry standard format using "keytool
>>> -importkeystore -srckeystore /tmp/tomcat.ks -destkeystore /tmp/tomcat.ks
>>> -deststoretype pkcs12".
>
>
>> Intersting, it should only be from Java11 where pkcs12 would be forced
>> as keystore format.
>
> That warning is present since
> https://www.oracle.com/technetwork/java/javase/8u151-relnotes-3850493.html
>
Ahh, as long it's just a warning then one can ignore it.
I was wrong about Java11, it's from Java9 it will default to PKCS12
(https://docs.oracle.com/javase/9/whatsnew/toc.htm#JSNEW-GUID-71A09701-7412-4499-A88D-53FA8BFBD3D0)
Casper
