KafkaTool Offset Explorer: Unable to open the keystore using the given password

Question

I am calling a remote kafka broker from offset explorer using SSL without zookeeper. The configuration requires only setting a chroot path, bootstrapservers, and truststore/keystore locations and passwords. For some reason, it says that the keystore password is invalid.

Offset Explorer says that it is unable to open the keystore using the given password.

I can successfully access the broker and view topics using the keystore and truststore from a different application that is already deployed, however when I generate a new keystore from my local machine I get the password error shown below.

I have confirmed that the certificate and private key can access the broker via KCat CLI tool, skipping the keystore/truststore step.

Additionally, when accessing the keystore via keytool command in CLI, the password works as expected.

Why would this password not work in OffsetExplorer?

(Below bash script creates they keystore, $1 is the path to my signed certificate and $2 is the path to my private key)

# Converts the pem certificate/key to p12 format
# outputs certificate.p12 with the password set by -passout
openssl pkcs12 -export -in $1 \
-inkey $2 -out certificate.p12 \
-passin pass:helloworld -passout pass:helloworld
 
# Create the jks file using the p12 generated above
keytool -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12 \
-srcstorepass helloworld -deststorepass helloworld \
-destkeypass helloworld -destkeystore $1-client.keystore.jks

Answer 1

The issue seems to be with Java 11 which is what my JAVA_HOME PATH variable was set to https://forums.oracle.com/ords/apexds/post/pkcs12-certificate-created-with-keytool-in-java-11-doesn-t-9510. The problem seems to be that any keystore created on Jdk11 can only be opened accessed by Jdk11. All other versions of java are compatible with each other.

By updating my script to reference a full filepath to a different Java version, the keystore was able to be utilized by Offset Explorer which looks to run Java Version 1.8

# Converts the pem certificate/key to p12 format
# outputs certificate.p12 with the password set by -passout
openssl pkcs12 -export -in $1 \
-inkey $2 -out certificate.p12 \
-passin pass:helloworld -passout pass:helloworld
 
# Create the jks file using the p12 generated above
C:/Programs/jdk-14.0.2/jdk-14.0.2/bin/keytool -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12 \
-srcstorepass helloworld -deststorepass helloworld \
-destkeypass helloworld -destkeystore $1-client.keystore.jks