JDK-8180819 No installed provider supports this key: sun.security.pkcs.PKCS8Key

Adam Petcher adam.petcher at oracle.com
Tue Nov 14 15:34:49 UTC 2017

On 11/13/2017 2:20 PM, Florian Bruckner (3kraft) wrote:

> Hi,
> have just stumbled upon a quite strange behavior in a SSL connection 
> with a client certificate.

Looks like your private key is BER encoded. I think this is supposed to 
be fine, but the code is being a bit too strict and rejecting it. There 
was a change around 8u121 that added some more DER enforcement. Can you 
try converting everything to DER to see if that clears up the problem? 
You can do this with openssl e.g.:

openssl pkcs12 -in pkcs12-file -out key-and-cert -nodes -passin pass:abcXYZ
openssl pkcs12 -in key-and-cert -export -out new-pkcs12-file -passout 

The JKS exception doesn't really provide a lot of information. It would 
be helpful if you could import the DER-formatted PKCS#12 file back into 
JKS and let me know if that works.

More information about the security-dev mailing list