Migrate from JKS to PKCS12 #25529
Description
Description
- See https://openjdk.org/jeps/229
- Problems:
- Keystore usages and access are spread all over project
- Some places don't support keystore types and explicitly use JKS
- Provider selection usually respects Java defaults
- PKCS12 format has different behavior than JKS, tested on JDK11 (Temurin)
- PKCS12: when changing keystore password, keytool automatically changes passwords also to all keys using the same password
- JKS: You have to do that later