I've converted a JKS keystore to the P12 format using portecle, but it probably didn't go well. The keystore works with Java 8 (various versions), but with Java 9 (OpenJDK 64-Bit Server VM (build 9-internal+0-2016-04-14-195246.buildd.src, mixed mode), I'm getting
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(java.base@9-internal/JavaKeyStore.java:659)
at sun.security.util.KeyStoreDelegator.engineLoad(java.base@9-internal/KeyStoreDelegator.java:219)
at java.security.KeyStore.load(java.base@9-internal/KeyStore.java:1466)
at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:52)
at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:998)
at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:252)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:219)
The funny thing is that Java 8 keytool shows
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 5 entries
... entries listed
while the one from Java 9 shows
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 5 entries
... entries listed
I'm aware of JEP 229 and I've read the related issues, but I can't see any related problem.
The JDK keytool utility can convert a JKS keystore into a PKCS12 keystore. For example, using JDK 9,
Also, there have been several keystore enhancements since 2016 so you should use a more recent release of JDK 9, see http://jdk.java.net/9/