ZarakshR

Reputation: 1581

Java Keystore not loading certificate -- Keystore loads only the private key but not the certificate of a password-less PKCS12 file

I am trying to load a private key and a certificate bundled in a PKCS12 file using Java's KeyStore#load. The PKCS12 file uses no password and is intended for two-way TLS connections (TLS client-authentication).

The documentation for KeyStore#load describes the parameter password as follows:

password - the password used to check the integrity of the keystore, the password used to unlock the keystore, or null.

I interpreted passing null to be the correct choice when loading a PKCS12 file with no password.

On executing the following code, I expected both the private key and the certificate to be loaded into keyStore:

keyStore.load(pkcs12InputStream, null)

However, only the private key is loaded, as can be seen by executing the following code after the load operation above:

keyStore.getCertificateChain("1") // or, the custom alias

which returns null.

What is the correct way to load both the private key and the certificate using KeyStore#load for a PKCS12 file with no password?

Upvotes: 0

Views: 26

Answers (1)

ZarakshR

Reputation: 1581

KeyStore#load expects the value of password to be an empty character array (i.e., new char[0]) when the PKCS12 file uses no password.

It is unclear from the documentation what the purpose of passing null as the value of password is.

Upvotes: 0
