keytool error: java.io.IOException: Invalid keystore format when trying to manage tomcat.keystore

Document ID : KB000100662
Last Modified Date : 08/06/2018
Show Technical Document Details
Question:
I receive the keytool error: java.io.IOException: Invalid keystore format when I try to use the my JDK keytool to manage tomcat.keystore created by the proxyui . Does the proxyui use a different tool to create the tomcat.keystore?
I am using the following command:
"keytool -list -v -keystore /app/CA/secure-proxy/SSL/keys/tomcat.keystore -storepass MyPassword"

keytool error: java.io.IOException: Invalid keystore format java.io.IOException: Invalid keystore format at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) at java.security.KeyStore.load(KeyStore.java:1445) at sun.security.tools.keytool.Main.doCommands(Main.java:823) at sun.security.tools.keytool.Main.run(Main.java:366) at sun.security.tools.keytool.Main.main(Main.java:359)

Ā 
Answer:
I found out that the invalid keystore format error means what it says. It appears that the keytool defaults to jks format if the -storetype command is not specified. I discovered that the GUI creates the tomcat.keystore file in JCEKS format.
The proper syntax to use the keytool to list the contents of the tomcat.keystore in JCEKS format with a password of MyPassword is
keytool -list -storetype jceks -keystore tomcat.keystore -storepass MyPassword -v