I need to convert PFX to Java Key Store, so I followed the example provided (changing by paths and passwords appropriately) from this CTW document: Scripting | Certify The Web Docs
A handful of months ago, I was able to create a .ps1 file that completed the task. However, when the certificate went to auto-renew, there was suddenly an issue with the script. While the deployment task runs successfully in CTW, the .jks file is not updated/created.
Instead, in the CTW log I get the following “illegal option” notice:
[INF] Illegal option: C:/some_path/example.jks
The “illegal” path in question is the one set to the $dest_jks_file variable. I have tried various different paths in my system, but it doesn’t seem to make a difference. The notice still occurs.
Has anyone run into a similar issue? I’d love to get this solved!
Our keytool example was very recently updated in the docs, are you using the latest version or is your script from an old version? We found that -noprompt was needed to avoid the process hanging waiting for input and that the output needed to be redirected to avoid keytool sending normal output to the powershell error stream.
Looking at our example I see we have deststoretype set to JKS but in my own working script its pkcs12:
keytool -noprompt -importkeystore -srckeystore $result.ManagedItem.CertificatePath -srcstoretype pkcs12 -destkeystore C:\temp\certify\powershell\keytool-keystore3.jks -deststoretype pkcs12 -deststorepass testing -srcstorepass test *>&1
Can you try changing the deststoretype to pkcs12 and confirm if that works ok? If so we can update the example.
I should add that I’ve no idea what destination keystore type you do need and it probably depends what’s consuming the keystore.