That’s right, a store password is required when creating and accessing a PKCS12 keystore. It is used to en-/decrypt the collection of certs in the keystore.
A store password is also required when creating a JKS keystore. However, JKS permits a null password when accessing the keystore, to indicate that the keystore's integrity check can be skipped. If it helps then the PKCS12 implementation could be modified to use the empty password (“”) when a null password is supplied. On 6 Mar 2015, at 10:07, Wang Weijun <weijun.w...@oracle.com> wrote: > Hi Vinnie > > I noticed that without providing a storepass, all certificates in a pkcs12 > keystore is invisible, i.e. no TrustedCertEntry and PrivateKeyEntry has no > cert. This is quite different from the jks storetype. Is this avoidable? > > Thanks > Max >
