I have an existing IS java service that is working in wm9.5 environment that creates a jks keystore from pfx files. However, recently when we migrate that same piece of code into wm10.3 environment, certain pfx files are not working in the wm10.3 environment. The error thrown is
Error java.security.KeyStoreException: Cannot store non-PrivateKeys: Service myPackage.services.utils:createUserJavaKeyStoreUI
However when I tried the same service with my own pfx file issued by GlobalSign, it works. The pfx files which didn’t work were issued by PostSignum. Do we need to add the root cert of PostSignum into the jvm truststore (cacerts)? Or could it be due to the different JVM implementation between 10.3 (Azul OpenJDK) and 9.5 (Oracle jvm)?
I’ve already tried adding the root certs for the PostSignum pfx into the jvm cacerts file. Is there something else that I can try to resolve this?