KB Article #190460

Certificate import fails – Error decrypting KeyStore

Problem

Importing a PFX (PKCS#12) certificate file into the B2Bi platform fails with the following UI error:

“Unable to read PKCS#12 stream for PSE (certificateID)@hostname_cn / Error decrypting KeyStore”


The associated CN.log file contains a stack trace similar to:

ERROR [qtp1596002676-1193] (PSE) - Unable to read PKCS#12 stream for PSE certificate_id@hostname_cn / Error decrypting KeyStore
java.io.IOException: Error decrypting KeyStore
    at com.cyclonecommerce.crossworks.provider.pkcs12.P12KeyStore.engineLoad(P12KeyStore.java:583)
    ...
Caused by: java.security.InvalidKeyException: Must be a PBEKey in RAW format (iaik.security.cipher.PBEKey)
    at iaik.security.cipher.PBES2Cipher.a(Unknown Source)
    ...

Resolution

The error “Must be a PBEKey in RAW format” suggests that the encoding of the PFX password, or the use of special characters in it, is causing the decryption to fail. It is recommended to create the PFX certificate bundle on the same machine as the B2Bi installation, so that the password is encoded the same way when the bundle is created and when it is imported.
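
The sketch below is an added illustration, not Axway or B2Bi code. It shows why a password containing special characters can stop decrypting once it crosses machines: the same characters become different bytes under different encodings, so a password-based key derivation produces a different key. The candidate encodings, the PBKDF2 parameters and the sample passwords are constructed assumptions.

```python
import hashlib

# Encodings a tool or platform might apply to the password before key
# derivation (assumed candidates, not taken from B2Bi documentation).
CANDIDATE_ENCODINGS = ("utf-8", "iso-8859-1", "cp1252")

# Constructed PBKDF2 parameters, for illustration only.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 2048


def derive_keys(password):
    """Return {encoding: hex key, or None if the password cannot be encoded}."""
    keys = {}
    for enc in CANDIDATE_ENCODINGS:
        try:
            raw = password.encode(enc)
        except UnicodeEncodeError:
            keys[enc] = None  # a character does not exist in this code page
            continue
        keys[enc] = hashlib.pbkdf2_hmac("sha256", raw, SALT, ITERATIONS, 32).hex()
    return keys


def risky_characters(password):
    """Characters outside printable ASCII, whose bytes depend on the encoding."""
    return [c for c in password if not (0x20 <= ord(c) <= 0x7E)]


def is_encoding_sensitive(password):
    """True if the candidate encodings do not all yield the same derived key."""
    return len(set(derive_keys(password).values())) > 1


if __name__ == "__main__":
    # Constructed sample passwords: plain ASCII, and one containing
    # a-umlaut, o-umlaut and the euro sign.
    for pw in ("Export-2024!", "P\u00e4ssw\u00f6rd\u20ac1"):
        print(ascii(pw), "risky:", [ascii(c) for c in risky_characters(pw)],
              "encoding-sensitive:", is_encoding_sensitive(pw))
        for enc, key in derive_keys(pw).items():
            print(f"  {enc:<11} {key[:16] if key else 'not encodable'}")
```

A password for which is_encoding_sensitive() returns False consists only of characters that encode identically in all three candidates, which is the property that creating the bundle on the B2Bi machine is meant to guarantee.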