Configuring SSL for broker server

I’m trying to configure SSL for a broker server with the available jks keystore and truststore. I always get below error.

Error: Password verification error for keystore . The certificate file ‘’ was found, but it cannot be read. Permission is denied.: Error: Password verification error for keystore . The certificate file ‘’ was found, but it cannot be read. Permission is denied.

I tried using the pkcs12 converted from the cer inside the keystore, still the same. As I understand, only PEM & PKCS12 are accepted.

Please share your thoughts on how this configuration can be done using the available JKS keystore & truststore.

Hi Venkat,

Broker Server SSL config only allows for pem/cer format for the truststore.
KeyStore should always be PKCS12 type.
On Broker Client-Side (including Messaging-Admin in MWS) Truststore can be JKS.

When using intermediate CAs you should concat the intermediate CA together with root CA into one pem-file for truststore.
BrokerServer-PK and Certificate should then go to the PKCS12 file:
Concat certificate and pk to a combined pem-file and then convert it to PKCS12 by using openssl.

See Broker Administrators Guide for details.

Which Broker version are you running on?

Regards,
Holger

Hello Holger,

Thank you for your response. I managed to get this done by making a PKCS12 of the keystore and PEM of the truststore. As mentioned by you, configured JKS for truststore in the JMS alias.