creating jks with pfx works in wm9.5 but not in wm10.3

Hi guys,

I’m facing a very strange issue right now. With an existing IS java service which loads a pfx file and converts it into a jks for usage in message signing later, it works in my 9.5 environment but erratically in my 10.3 environment.

The error thrown is when I used a another user’s pfx file issued by CA PostSignum in wm10.3 is but works fine in wm9.5:

java.security.KeyStoreException: Cannot store non-PrivateKeys: Service myPackage.services.utils:createUserJavaKeyStoreUI

It works when I used my own personal pfx issued by GlobalSign in both wm9.5 and wm10.3.

Do I need to add the root CA certs by CA PostSignum in the default jvm or IS truststores? Or could it be due to differences of implementation in wm10.3 environment OpenJDK by Azul Systems vs wm9.5 using Oracle’s JVM?