Unable to load keystore : Invalid keystore format

Hi,

I am trying to setup Deployment Manager 5.5 as described in:
Pegasystems Documentation
In here it says I have to create the JKS files, so I followed the steps in:
Pegasystems Documentation

I know that the keytool is a Java-tool, which comes at installing Java on your local computer. The syntax for using keytool is explained here: keytool-Key and Certificate Management Tool

The first step is to create a new self-signed certificate:
keytool -genkey -alias -keyalg RSA -keysize -keypass -keystore cluster-keystore.jks -storepass
So for me it looks like:
keytool -genkey -alias dmkeystore -keyalg RSA -keysize 2048 -keypass Password12! -keystore cluster-keystore.jks -storepass Password12!

The keysize has to be 2048, because the keyalg is RSA.

Now the cluster-keystore.jks is created, I login to the Pega environment and go to the keystore DMKeyStore and ‘Upload file’ and fill in the newly created ‘Keystore password’ Password12! and click on ‘Save’.

While tracing this, I can see an ERROR occurring in the Activity Data-Admin-Security-Keystore Validate, step 3:
(Data-Admin-Security-Keystore)Unable to load keystore : Invalid keystore format

I have looked at the Pega documentation and previous discussions and still can’t figure out what I am doing wrong and how it should be done.

Can someone please help me?

Kind regards,
Marc
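The “Invalid keystore format” message in the trace above is the text the JDK’s JKS loader raises when the first four bytes of the uploaded file are not the JKS magic number (0xFEEDFEED). Since JDK 9, keytool writes PKCS12 by default unless `-storetype JKS` is passed, so a file named `cluster-keystore.jks` can in fact be a PKCS12 (DER) blob, and a consumer that insists on JKS rejects it with exactly this error. The following inspector is an added example for this thread, not code from Pega or from the original poster: it classifies a keystore by its leading bytes and, for a JKS file, walks the entry table (version 1 and 2) to list the aliases and entry types without needing the store password. The sample bytes it checks are constructed in `build_sample_jks()` and `SAMPLE_PKCS12_HEADER`; the key and certificate bodies in them are placeholders, not real material.

```python
import struct

JKS_MAGIC = 0xFEEDFEED    # sun.security.provider.JavaKeyStore magic
JCEKS_MAGIC = 0xCECECECE  # SunJCE JCEKS magic
DER_SEQUENCE = 0x30       # PKCS#12 (PFX) files start with an ASN.1 SEQUENCE


def detect_keystore_format(data: bytes) -> str:
    """Classify a keystore blob by its leading bytes, independent of file extension."""
    if len(data) < 4:
        return "too-short"
    magic = struct.unpack(">I", data[:4])[0]
    if magic == JKS_MAGIC:
        return "JKS"
    if magic == JCEKS_MAGIC:
        return "JCEKS"
    if data[0] == DER_SEQUENCE:
        return "PKCS12"
    return "unknown"


class _Reader:
    """Big-endian cursor over the keystore bytes (Java DataInputStream layout)."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        chunk = self.data[self.pos:self.pos + n]
        if len(chunk) != n:
            raise ValueError("truncated keystore")
        self.pos += n
        return chunk

    def u16(self): return struct.unpack(">H", self.take(2))[0]
    def u32(self): return struct.unpack(">I", self.take(4))[0]
    def u64(self): return struct.unpack(">Q", self.take(8))[0]
    def utf(self): return self.take(self.u16()).decode("utf-8")  # Java writeUTF


def parse_jks_entries(data: bytes):
    """Return (version, entries) for a JKS blob; entry = (alias, kind, cert_count, timestamp_ms).

    Only the public layout is read; the encrypted private keys are skipped, so no
    password is needed. The trailing 20-byte SHA-1 integrity digest must be present.
    """
    r = _Reader(data)
    if r.u32() != JKS_MAGIC:
        raise ValueError("Invalid keystore format: not a JKS file (wrong magic)")
    version = r.u32()
    if version not in (1, 2):
        raise ValueError(f"unsupported JKS version {version}")
    entries = []
    for _ in range(r.u32()):
        tag, alias, ts = r.u32(), r.utf(), r.u64()
        if tag == 1:                       # PrivateKeyEntry
            r.take(r.u32())                # password-protected key blob, skipped
            certs = r.u32()
            for _ in range(certs):
                if version == 2:
                    r.utf()                # certificate type, e.g. "X.509"
                r.take(r.u32())
            entries.append((alias, "PrivateKeyEntry", certs, ts))
        elif tag == 2:                     # trustedCertEntry
            if version == 2:
                r.utf()
            r.take(r.u32())
            entries.append((alias, "trustedCertEntry", 1, ts))
        else:
            raise ValueError(f"unknown entry tag {tag}")
    if len(data) - r.pos != 20:
        raise ValueError("missing or malformed integrity digest")
    return version, entries


def diagnose(data: bytes) -> str:
    """One-line verdict a defender can act on before uploading the file."""
    fmt = detect_keystore_format(data)
    if fmt == "JKS":
        version, entries = parse_jks_entries(data)
        return f"JKS v{version} with {len(entries)} entries: " + ", ".join(
            f"{a} ({k})" for a, k, _, _ in entries)
    if fmt == "PKCS12":
        return "PKCS12 container: regenerate with 'keytool ... -storetype JKS' if the consumer requires JKS"
    return f"{fmt}: not loadable as JKS"


def _utf(s: str) -> bytes:
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b


def build_sample_jks() -> bytes:
    """Constructed JKS v2 blob: key entry 'dmkeystore' with a 1-cert chain plus trusted cert 'rootca'."""
    fake_key = b"\x00" * 16                     # placeholder, not a real encrypted key
    fake_cert = b"\x30\x03\x02\x01\x01"         # placeholder DER, not a real certificate
    out = struct.pack(">III", JKS_MAGIC, 2, 2)  # magic, version, entry count
    out += struct.pack(">I", 1) + _utf("dmkeystore") + struct.pack(">Q", 1700000000000)
    out += struct.pack(">I", len(fake_key)) + fake_key
    out += struct.pack(">I", 1) + _utf("X.509") + struct.pack(">I", len(fake_cert)) + fake_cert
    out += struct.pack(">I", 2) + _utf("rootca") + struct.pack(">Q", 1700000000000)
    out += _utf("X.509") + struct.pack(">I", len(fake_cert)) + fake_cert
    return out + b"\x00" * 20                   # placeholder for the SHA-1 integrity digest


# Constructed first bytes of a PKCS12 file: SEQUENCE, long-form length, version INTEGER 3.
SAMPLE_PKCS12_HEADER = b"\x30\x82\x0a\x1c\x02\x01\x03\x30\x82"

if __name__ == "__main__":
    print(diagnose(build_sample_jks()))
    print(diagnose(SAMPLE_PKCS12_HEADER))
```

To check a real file before uploading it, read it in binary mode and pass the bytes to `diagnose()`; a “PKCS12 container” verdict for a file ending in `.jks` is the usual cause of the error quoted in the trace, and `keytool -list -v -keystore <file>` will confirm the store type on the JDK that created it.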

@MarcHulsman - I am also facing a similar issue. I kept the size at 1024.

Pega Support - please provide resolution.

@AtanuS17 @MarcHulsman please can you confirm that you also activated the key for application data encryption (ie the step after saving it)

Encrypting application data by using a custom key management service

  1. Identify and activate the key for application data encryption.

  2. In the header of Dev Studio, click Configure > System > Settings > Data Encryption.

  3. In the Application data encryption section, in the Keystore field, enter the name of the keystore that you created in step 3.

  4. Click Activate.

If you need an in-depth investigation into your issue, please log a support incident on the MSP.

@MarcHulsman

Hi,

You’ll need to generate the Cluster-Keystore.jks and Trust-store.jks files too, using keytool commands. Out of those 2, you did generate one already. Once you generate the trust-store.jks file and upload it, the issue will be fixed.

@KishoreSanagapalli - basically what you are saying is only the cluster-truststore.jks file needs to be uploaded to the keystore?

@MarijeSchillern - this keystore is for inter node communication encryption between Pega Deployment Manager Orchestrator and Candidate nodes.

@MarcHulsman -

An “Invalid keystore format” error occurs when a keystore is read by a JDK version lower than a keystore generated with JDK 8u301 and higher. - from google

@AtanuS17

Do let me know if you are still facing the issue, even after following all the below instructions

@AtanuS17

I mean to say that you need to follow the steps listed in the below URLs, like generating the Key store and Trust store JKS files. Post the generation, you’ll need to upload them in the application.

URLs to generate the .jks files

https://docs.pega.com/security/86/creating-keystorejks-and-truststorejks-files

Adding the .JKS files to Pega Platform

https://docs.pega.com/security/86/uploading-keystore-and-truststore-files

Creating Key Store Files

https://community.pega.com/sites/default/files/help_v83/procomhelpmain.htm#data-/data-admin-/data-admin-security-/data-admin-security-keystore/main.htm#_____________Keystores

Uploading the Key Store and Trust Store files

Uploading the keystore and truststore files | Pega

But from the latest error you have posted, I can see that there is a Java JDK version mismatch. I assume you’ll need to contact your middleware Team for that, even if the issue occurred again upon uploading both the Key store and Trust Store JKS files.

Note: At one point, generating the Key store and Trust store files will prompt you to trust them to your organization layer from the Middleware Area. You’ll need to upload both .JKS files inside the application when you log in, too. The issue will be fixed then.