OpenSSL can read .p12 key, but keytool says the password is incorrect

Question

I'm trying to read a .p12 key with the java keytool, so I can import it into a java keystore. I get a password incorrect when I run:

keytool -importkeystore -srckeystore key.p12 -destkeystore mycert.keystore -srcstoretype pkcs12  

Yet the password is right, as when I run:

openssl pkcs12 -in ../../key.p12 -nodes -passin pass:password

It works. How do I access the key and convert it to a Java keystore? It's weird, since it didn't do it with other .p12 keys.

Thanks

Answer 1

Apparently, there could be an "incompatible key", so I converted it to a proper one using these instructions:

Extract the original private key and public certificate from the incompatible PKCS#12 format file into a traditional encrypted PEM format. C:\Openssl\bin\openssl.exe pkcs12 -in <PKCS#12 Filename> -out

Where:

<PKCS#12 Filename> is the input filename of the incompatible PKCS#12 file. is the output filename in encrypted PEM format that will contain both the private key and the public certificate. For example:

C:\Openssl\bin\openssl.exe pkcs12 -in my_pkcs12.pfx -out my_encrypted_pem.pem

Generate a compatible PKCS#12 file

C:\Openssl\bin\openssl.exe pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in -out <PKCS#12 Filename> -name ""

Where:

the encrypted PEM format file generated above. <PKCS#12 Filename> is the output filename of the pkcs#12 format file. is the desired name that will sometimes be displayed in user interfaces. For example:

C:\Openssl\bin\openssl.exe pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in my_encrypted_pem.pem -out my_new_pkcs12.pfx -name "my-name"

source: https://kb.globalscape.com/Knowledgebase/11040/Converting-an-Incompatible-PKCS12-Format-File-to-a-Compatible-PKCS12