I'm having a hard time trying to set a password on the PFX itself, not on the contained certificate. Let me try to explain
openssl pkcs12 -export -out internal-multidomain.pfx -inkey internalmultidomain.key -in internal-multidomain.cer -password pass:**********
Then I verify it using the following command
openssl pkcs12 -in internal-multidomain.pfx -info
and it prompts me, not for "Keystore password", but for the "Import password". But since I use another pwd for the import than for the private key, I do assume that I can understand it as "Keystore password" - BUT:
Using keytool, when applying the password I used when using OpenSSL and the password argument fails, there is no password, I have to use blank ref.
keytool -list -keystore internal-multidomain.pfx
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
1, Oct 15, 2022, PrivateKeyEntry,
Trying to use keytool and setpasswd to set/change the password fails, because since I'm forced to use a blank password, it fails like this
keytool -storepasswd -keystore internal-multidomain.pfx
Enter keystore password:
Keystore password is too short - must be at least 6 characters
And using the pwd I applied using openssl also fails, and even the private key fails. So...I'm lost.
All the above commands are just fine, but it turned out that the issue was caused by different versions of OpenSSL / Keytool hosted on different servers.