Does anyone know how to solve this?
I tried many things, but none of them worked.
And when I click more details I get this:
at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
atsun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at com.sun.deploy.security.RootCertStore$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.RootCertStore.loadCertStore(Unknown Source)
at com.sun.deploy.security.RootCertStore.load(Unknown Source)
at com.sun.deploy.security.RootCertStore.load(Unknown Source)
at com.sun.deploy.security.ImmutableCertStore.load(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$000(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Ramesh R
6,9794 gold badges24 silver badges38 bronze badges
asked Jun 27, 2009 at 11:43
7
You may corrupt the file during copy/transfer.
Are you using maven?
If you are copying keystore file with «filter=true», you may corrupt the file.
Please check the file size.
answered Aug 13, 2011 at 13:05
2
Maybe maven encoding you KeyStore, you can set filtering=false to fix this problem.
<build>
...
<resources>
<resource>
...
<!-- set filtering=false to fix -->
<filtering>false</filtering>
...
</resource>
</resources>
</build>
answered Mar 8, 2016 at 7:58
xiezefanxiezefan
6016 silver badges5 bronze badges
2
(Re)installing the latest JDK (e.g. Oracle’s) fixed it for me.
Prior to installing the latest JDK, when I executed the following command in Terminal.app:
keytool -list -keystore $(/usr/libexec/java_home)/jre/lib/security/cacerts -v
It resulted in:
keytool error: java.io.IOException: Invalid keystore format
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1445)
at sun.security.tools.keytool.Main.doCommands(Main.java:792)
at sun.security.tools.keytool.Main.run(Main.java:340)
at sun.security.tools.keytool.Main.main(Main.java:333)
But, after installing the latest Oracle JDK and restarting Terminal, executing the following command:
keytool -list -keystore $(/usr/libexec/java_home)/jre/lib/security/cacerts -v
Results in:
Enter keystore password:
Which indicates that the keytool on path can access the keystore.
answered Jan 5, 2016 at 21:39
Gary S. WeaverGary S. Weaver
7,9464 gold badges37 silver badges61 bronze badges
3
I had the same issue with different versions of keytool:
C:Program FilesJavajdk1.8.0_51binkeytool
but the same keystore file worked fine with
«C:Program FilesJavajre1.8.0_201binkeytool»
I know it is an old thread but have lost a lot of hours figuring this out… 
answered Jun 19, 2020 at 9:55
ShoaebShoaeb
6917 silver badges18 bronze badges
2
I had spent lot of time on this and finally This worked for me —
go to file -> project structure -> SDK Location -> Gradle Settings -> Change Gradle JDK -> from 1.8 to 11
Just change Gradle JDK -> from 1.8 to 11 then rebuild the project and try again
answered Aug 9, 2022 at 6:54
1
for me that issue happened because i generated .jks file on my laptop with 1.8.0_251 and i copied it on server witch had java 1.8.0_45 and when I used that .jks file in my code i got java.io.IOException: Invalid Keystore format.
to solve this issue i generated .jks file directly on the server instead of copy there from my laptop which had different java version.
answered Jan 19, 2021 at 0:48
FaribaFariba
6731 gold badge11 silver badges27 bronze badges
I think the keystore file you want to use has a different or unsupported format in respect to your Java version. Could you post some more info of your task?
In general, to solve this issue you might need to recreate the whole keystore (using some other JDK version for example). In export-import the keys between the old and the new one — if you manage to open the old one somewhere else.
If it is simply an unsupported version, try the BouncyCastle crypto provider for example (although I’m not sure If it adds support to Java for more keystore types?).
Edit: I looked at the feature spec of BC.
answered Jun 27, 2009 at 11:48
akarnokdakarnokd
69k14 gold badges157 silver badges192 bronze badges
Your keystore is broken, and you will have to restore or regenerate it.
answered Jun 27, 2009 at 15:34
1
I ran into the problem with openJDK on ubuntu, had to install Oracle JDK to get it working.
You can follow this guide on google sites to do that.
answered Sep 19, 2017 at 10:19
Sadiq AliSadiq Ali
1,2622 gold badges15 silver badges22 bronze badges
Same issue here, I have Oracle JDK installed and my keystore was created using that, but in the jceks format
keytool -importkeystore -destkeystore client.keystore
-srckeystore redislabs_user.p12 -srcstoretype pkcs12
-deststoretype jceks -alias client-cert
I deleted the -deststoretype jceks option and it worked fine 
answered Nov 5, 2020 at 14:49
rulowebruloweb
6848 silver badges10 bronze badges
In my case, I was running the project with Java version 1.8. and the Keystore.jks file that I generated from java 16.
I changed my project java version to 16 and the error goes away.
Please check the JDK version with which you are generating the keystore and the JDK version for your project are the same or not. If they are different, either generate the keystore from the same JDK on which your current project is running or change the project JDK.
answered Nov 13, 2021 at 17:03
I came across this issue while running keytool command. There is an other way to run the keytool command, mentioned here: https://developers.google.com/android/guides/client-auth using gradlew command.
When I ran in debug mode ./gradlew signingReport --debug got to know that gradle plugin required java 11 and my local has java8. Downloaded java11 and updated Path. Ran the command (Make sure you open a new terminal so that java path is reflected to 11). Works like a charm !!!
answered Sep 25, 2021 at 6:59
saiyansaiyan
5511 gold badge4 silver badges20 bronze badges
This worked for me (Switched to JDK 11, instead of 
Previous JAVA Path «C:Program FilesJavajdk1.8.0_202bin»
Changed Path to "C:Program FilesJavajdk-11.0.14bin"
answered Feb 19 at 12:07
go to build
clean the project
then rebuild your project
it worked for me.
answered Feb 18, 2019 at 10:27
It may be necessary to run cmd as administrator.
the paths to specify the .jks file must be / and not .
If they open the cmd with the path where the .jks file is located, they only put in the /key.jks path
answered Apr 2, 2022 at 22:57
I had problem with «Invalid Keystore format» too. All this answers can’t helped me.
In my case problem was on Mac OS. JAVA_HOME=jdk1.8 not pulled from .zschrc, so I think that generate certs on it, but default was jdk11. I changed it to jdk1.8 with «jenv» and generate certs. How it works.
You can download jenv by brew. And some commands that I used
jenv versions
to check all versions of JDK
jenv global JDK
to set wanted jdk
java -version
to check it
answered Jul 18, 2022 at 14:19
Upgrade your JVM version — I moved from Java 8 to java 17 and it was fixed.
From Oracle:
In Java 8u301 release, a new fix went in to upgrade the default PKCS12 encryption algorithm, as noted in Java 8u301 release notes at https://www.oracle.com/java/technologies/javase/8all-relnotes.html#R180_301
➜ Upgraded the Default PKCS12 Encryption Algorithms
The default encryption algorithms used in a PKCS #12 keystore have been updated. The new algorithms are based on AES-256 and SHA-256 and are stronger than the old algorithms that were based on RC2, DESede, and SHA-1. See the security properties starting with keystore.pkcs12 in the java.security file for detailed information.
For compatibility, a new system property named keystore.pkcs12.legacy is defined that will revert the algorithms to use the older, weaker algorithms. There is no value defined for this property.
answered Mar 3 at 9:44
MartinsMartins
1,2312 gold badges14 silver badges17 bronze badges
The Keystore generation is different for Java v8 and Java v11.
Java v8 produces keystore of the jks format and I guess Java v11 produces keystore of type PKCS12 with ethe extension .p12.
What you could do is try converting the keystore of .jks format to .12 and try and vice versa. This might help.
Syntax:
To convert a PKCS12 (.p12) keystore to a JKS (.jks) keystore, please run the following command:
keytool -importkeystore -srckeystore key.p12 -srcstoretype pkcs12 -destkeystore key.jks -deststoretype jks
where key.p12 is the name of the p12 file and key.jks is the name of the jks keystore to be created.
The command to do the same is:
keytool -importkeystore -srckeystore kafkatools.truststore.jks -srcstoretype pkcs12 -destkeystore trust.jks -deststoretype jks
This is what I used myself and got rid of the invalid keystore issue.
Reference: https://knowledge.broadcom.com/external/article/151981/how-to-convert-a-pkcs12-p12-keystore-to.html
answered May 16 at 17:19
Here’s another reason: If you have multiple JDK versions on your system and generate a keystore with one version but try to import it using a different version, you’ll encounter the error. In my case, I used JDK 17 to create the keystore and JDK 8 to import it.
answered May 19 at 8:56
Problem
After JIRA has been upgraded, or configured for SSL, it is not able to be connected to, despite the process running.
The following appears in the Catalina log (for example catalina.2015-10-24.log):
24-Oct-2015 15:54:34.822 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"]
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:424)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:323)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:581)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:521)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:466)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:205)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:360)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:457)
Diagnosis
Environment
- JIRA is configured to use SSL, hosted by Tomcat.
Diagnostic Steps
- If this exception is found in the logs it’s highly likely this problem applies.
Cause
The Java Keystore (JKS) specified by Tomcat is in an invalid format. Tomcat by default expects it to be a JKS file, and this error can be thrown if it is a PKCS12 format (it’s a bit like expecting a BMP and it’s a JPG, in the image world).
Workaround
It may be possible to tell Java to use the appropriate format — this can be done with the following:
- Stop JIRA.
- Add the JVM argument
Djavax.net.ssl.trustStoreType=pkcs12as per Setting Properties and Options on Startup. - Start JIRA and test.
If this does not work, proceed to the Resolution.
Resolution
Go back to the provider who supplied the key (either the CA vendor or appropriate department) and request for a Java Keystore (JKS) with the following in it:
- A PrivateKeyEntry.
- Any intermediate certificates, in the form of trustedCertEntry.
It’s recommend to host JIRA behind a reverse-proxy as as Apache or Nginx as per the below:
- Integrating JIRA with Apache using SSL
- Configure Jira server to run behind a NGINX reverse proxy
com.android.ide.common.signing.KeytoolException: Failed to read key palash from store "D:MyApplication3.ideaworkspace.xml": Invalid keystore format
second error:Error:com.android.ide.common.signing.KeytoolException: Failed to read key palash from store "D:MyApplication3.ideaworkspace.xml": Invalid keystore format
third error:Error:java.io.IOException: Invalid keystore format
how to solve this three errors??????**
here is gradle console message————>
FAILURE: Build failed with an exception.