I’m trying to configure SSL for a broker server with the available jks keystore and truststore. I always get below error.
Error: Password verification error for keystore . The certificate file ‘’ was found, but it cannot be read. Permission is denied.: Error: Password verification error for keystore . The certificate file ‘’ was found, but it cannot be read. Permission is denied.
I tried using the pkcs12 converted from the cer inside the keystore, still the same. As I understand, only PEM & PKCS12 are accepted.
Please share your thoughts on how this configuration can be done using the available JKS keystore & truststore.
Broker Server SSL config only allows for pem/cer format for the truststore.
KeyStore should always be PKCS12 type.
On Broker Client-Side (including Messaging-Admin in MWS) Truststore can be JKS.
When using intermediate CAs you should concat the intermediate CA together with root CA into one pem-file for truststore.
BrokerServer-PK and Certificate should then go to the PKCS12 file:
Concat certificate and pk to a combined pem-file and then convert it to PKCS12 by using openssl.
Thank you for your response. I managed to get this done by making a PKCS12 of the keystore and PEM of the truststore. As mentioned by you, configured JKS for truststore in the JMS alias.