JDK-8215694 : keytool cannot generate RSASSA-PSS certificates
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 12
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2018-12-20
  • Updated: 2020-06-09
  • Resolved: 2019-01-16
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 12 JDK 13 JDK 8 Other
11.0.5Fixed 12 b28Fixed 13Fixed 8u251Fixed openjdk8u252Fixed
Related Reports
Relates :  
When calling "keytool -genkeypair -keyalg rsa -sigalg rsassa-pss" to generate a certificate, an exception shown algorithm identifier mismatch. This is because we haven't encoded the parameters for the key algorithm in the X509CertInfo class.
Fix request (11u): Requesting backport of this item as predecessor to JDK-8216039. The Patch does not apply cleanly and needed to be edited. It was successfully reviewed on the mailing list: https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2019-June/001365.html Regression-tests at SAP look good. Updates to the new testcase (JDK-8222987 and JDK-8225257) are also requested to make it more robust.