Problem
When replacing the certificates on a vCloud Director 9.5 installation, I ran the configure command and the following error occurred.
cryptographic error: trusted certificate entries are not password-protected keytool
Troubleshooting
Upon investigation of the keystore file, it appeared that the entry type was trustedCertEntry:
keytool -storetype JCEKS -list -v -keystore certs.ks
<snip>
Alias name: http
Creation date: 29 Oct 2019
Entry type: trustedCertEntry
</snip>
Resolution
Unfortunately, it appears the certificates were added incorrectly. The entry type should be PrivateKeyEntry rather than trustedCertEntry. A trustedCertEntry holds only a certificate, with no private key attached.
1) Remove certificates from keystore
keytool -storetype JCEKS -keystore certs.ks -delete -alias consoleproxy
keytool -storetype JCEKS -keystore certs.ks -delete -alias http
2) Re-add certificates to keystore
keytool -importkeystore -srckeystore http.pfx -srcstoretype PKCS12 -destkeystore certs.ks -deststoretype JCEKS -srcalias http -destalias http
keytool -importkeystore -srckeystore consoleproxy.pfx -srcstoretype PKCS12 -destkeystore certs.ks -deststoretype JCEKS -srcalias consoleproxy -destalias consoleproxy
3) Check keystore:
keytool -storetype JCEKS -list -v -keystore certs.ks
Output should now be:
<snip>
Alias name: http
Creation date: 11 Nov 2019
Entry type: PrivateKeyEntry
</snip>
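The check in step 3 can be scripted so that a wrong entry type is caught before the configure command is run. The following is an added example, not part of the original post: the function names and the sample listing are constructed, and it assumes the English "Alias name:" / "Entry type:" lines shown above.

```shell
#!/bin/sh
# Added example: pre-flight check on `keytool -list -v` output.
# Function names and the sample listing are constructed for illustration.

# Print "alias<TAB>entry type" for every entry in a verbose listing on stdin.
entry_types() {
  awk '
    /^Alias name:/ { sub(/^Alias name:[ \t]*/, ""); alias = $0 }
    /^Entry type:/ { sub(/^Entry type:[ \t]*/, ""); print alias "\t" $0 }
  '
}

# Read a listing on stdin; return 0 only if every alias given as an argument
# exists and is a PrivateKeyEntry. Problems are reported on stderr.
check_keystore_listing() {
  ckl_types=$(entry_types)
  ckl_rc=0
  for ckl_alias in "$@"; do
    ckl_type=$(printf '%s\n' "$ckl_types" |
      awk -F '\t' -v a="$ckl_alias" '$1 == a { print $2; exit }')
    case "$ckl_type" in
      PrivateKeyEntry) ;;
      "") echo "missing alias: $ckl_alias" >&2; ckl_rc=1 ;;
      *)  echo "alias $ckl_alias is $ckl_type, expected PrivateKeyEntry" >&2
          ckl_rc=1 ;;
    esac
  done
  return "$ckl_rc"
}

# Constructed sample: http was imported as a bare certificate.
BAD_LISTING='Alias name: http
Creation date: 29 Oct 2019
Entry type: trustedCertEntry

Alias name: consoleproxy
Creation date: 29 Oct 2019
Entry type: PrivateKeyEntry'

if printf '%s\n' "$BAD_LISTING" | check_keystore_listing http consoleproxy; then
  echo "keystore OK"
else
  echo "keystore needs fixing before running configure"
fi

# Against the real keystore (keytool prompts for the store password):
#   keytool -storetype JCEKS -list -v -keystore certs.ks | check_keystore_listing http consoleproxy
```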