
Keystore error with mismatching key and keystore passwords for certificates.

Publish Date: Oct 13, 2022
Description
During the 'Import from keystore' operation, Salesforce throws the following error if the Private Key and the Keystore are encrypted using different passwords:

"Error: The Keystore contains a certificate "certName" whose per key password is not the same as the keystore password."
Resolution

This problem can be reproduced with the Java keytool command:

In the sample below, assume the "key password" was initially set to 1234567. Salesforce only asks for the "keystore password", so it must be able to decrypt the private key with that password alone, which requires the two passwords to match. When we run the following:

keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore-in-pkcs12.p12 -deststoretype PKCS12 
Enter destination keystore password: <123456> 
Re-enter new password: <123456> 
Enter source keystore password: <123456> 
Enter key password for <salesforce> <123456> 
keytool error: java.security.UnrecoverableKeyException: Cannot recover key 

The "keystore" and "key" passwords do not match, so keytool throws an 'UnrecoverableKeyException' error.

Conclusion:
To avoid this error, ensure that the Private Key and the Keystore are encrypted using the same password.
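Added example (not part of the original article): one way to apply this conclusion to the JKS keystore from the sample, using keytool's `-keypasswd` to re-encrypt the private key under the keystore password and then confirming the result. The file name, alias and passwords are the article's sample values; the function names are hypothetical.

```bash
#!/bin/sh
# Added example, not Salesforce code. Sample values from the article:
#   keystore.jks, alias "salesforce", store password 123456, key password 1234567.

# key_matches_store KEYSTORE ALIAS STOREPASS
# Returns 0 when the private key for ALIAS can be recovered with the keystore
# password alone. It repeats the article's -importkeystore conversion into a
# throwaway PKCS12 file, passing the store password as the key password.
key_matches_store() {
  local ks="$1" alias="$2" storepass="$3" tmpdir rc=0
  tmpdir=$(mktemp -d) || return 2
  keytool -importkeystore -noprompt \
    -srckeystore "$ks" -srcstorepass "$storepass" \
    -srcalias "$alias" -srckeypass "$storepass" \
    -destkeystore "$tmpdir/check.p12" -deststoretype PKCS12 \
    -deststorepass "$storepass" >/dev/null 2>&1 || rc=$?
  rm -rf "$tmpdir"
  return "$rc"
}

# align_key_password KEYSTORE ALIAS STOREPASS CURRENT_KEYPASS
# Changes the entry's key password to the keystore password, in place.
# Back up the keystore first; -keypasswd applies to JKS/JCEKS keystores.
align_key_password() {
  local ks="$1" alias="$2" storepass="$3" old_keypass="$4"
  keytool -keypasswd -alias "$alias" -keystore "$ks" \
    -storepass "$storepass" -keypass "$old_keypass" -new "$storepass"
}

# Direct use: ./align.sh keystore.jks salesforce 123456 1234567
if [ "$#" -eq 4 ]; then
  if key_matches_store "$1" "$2" "$3"; then
    echo "Key password already matches the keystore password."
  elif align_key_password "$1" "$2" "$3" "$4" && key_matches_store "$1" "$2" "$3"; then
    echo "Key password now matches the keystore password."
  else
    echo "Could not align the key password; check the current key password." >&2
    exit 1
  fi
fi
```

keytool also accepts `:env` and `:file` modifiers on its password options (for example `-storepass:env VAR`), which keep real passwords out of the process list and shell history.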

Knowledge Article Number

000387714
