Set-NexusCert.ps1 does not work

[Tabiskabis]

"chocolatey" | & $KeyTool -list -v -keystore C:\cert.pfx
results in
Enter keystore password: keytool error: java.io.IOException: keystore password was incorrect java.io.IOException: keystore password was incorrect at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2069) at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:238) at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71) at java.security.KeyStore.load(KeyStore.java:1445) at sun.security.tools.keytool.Main.doCommands(Main.java:928) at sun.security.tools.keytool.Main.run(Main.java:368) at sun.security.tools.keytool.Main.main(Main.java:361) Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: java.io.IOException: getSecretKey failed: Password is not ASCII ... 7 more

System Details

• OS Build Windows Server 2019 10.0.17763.0
• Windows PowerShell version 5.1.17763.2867 (Edition: Desktop)
• Chocolatey version 1.1.0

[ryanrichter94]

@Tabiskabis Can you confirm what version of nexus-repository you are running please? Also does the certificate you are inputting into the script have a certificate password associated to it?

[Tabiskabis]

@ryanrichter94 We're on OSS 3.38.1, yes the pfx is encrypted with the expected password
Apparently, keytool.exe does not read passwords from stdin.

Workaround/fix: change the line $string = ("chocolatey" | & $KeyTool -list -v -keystore C:\cert.pfx) -match '^Alias.*'
to $string = (& $KeyTool -list -v -keystore C:\cert.pfx -storepass "chocolatey") -match '^Alias.*'