When attempting to import a PFX certificate, you receive the following error:
An additional error message that may appear are as follows:
Error loading private certificate. Please verify password. Embedded error: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
The issue can occur when the provided *.PFX certificate container does not have an alias associated with a certificate. According to Java 7 documentation, a certificate must have an alias in order to be loaded into it's key store. To check the aliases within a PFX certificate, you can run the following command:
keytool -v -list keystore filename.pfx -storetype pkcs12
In order to attach the *.PFX certificate, it needs to be first converted to a *.PEM format and then *.P12 formatted should be exported from that file using OpenSSL. To do so, follow these steps:
- Open a command prompt and locate your OpenSSL tool.
- Run this command to convert the PFX certificate to PEM format:
openssl pkcs12 -in filename.pfx -out filename.pem -nodes
- Once converted, use your OpenSSL tool to export the P12 formatted certificate from the PEM file. Do this by running the following command:
openssl pkcs12 -export -in filename.pem -out filename.p12 -name "MyCert"
- Import the P12 formatted file to generate/create X.509 certificate that can be used in Boomi.