Hello, im trying to sideload an old app i developed using Tizen Studio 6.1 on a Samsung Watch3 which im trying to create a certificate (the old one expired already) but i am encountering PKCS#12 Error
“Key store type should be PKCS12 or any other valid entry” and the “java.security.Key.KeyStoreException: Key store type should be PKCS12 or any other valid entry” on the Java side. How to fix ? I am simply making my old watch still functional.
Hello,
Please check the comment:
Note that as distribution of Tizen watch app has already stopped in store, the Samsung certificate creation part will be deprecated and removed very soon.
Thank you
Shamima
Samsung Developer Program team
Hi Shamima. I tried to upgrade to 2.0.73 but the same error exists. Please help. From the comment you provided the mentioned error is about the Proxy connection. But this one , the error is on
“Key store type should be PKCS12 or any other valid entry” and the “java.security.Key.KeyStoreException: Key store type should be PKCS12 or any other valid entry”
Hello, i have the same issue exactly using Tizen Studio
+1. Looks like dev.tizen.samsung.com:443/apis/v2/ turned off and svdca.samsungqbe.com/apis/v3 produces wrong (not PKCS12 ?) results
The solution you described does not work. Nothing changes.
Fix has been released for TV. If you are trying for TV, it should work. Please check
Can you find “TV“ word in this topic title? I cannot. I ever tried TV cert to sign watch app with no success.
Hi Shamina, i can confirm that the fix works for TV option. The Mobile/Wearable option still encounters PKCS#12 errors.
I confirm the Mobile/Wearable option still encounters PKCS#12 errors.
This topic was not about the TV, but about the Galaxy Watch. What does TV have to do with this?
Hi all — I’m following this thread and I’m experiencing the same PKCS#12 / KeyStore problem when trying to create a Samsung watch author certificate on Linux. Below is a concise reproduction / status report of what I tried and the exact outputs I get. Hopefully this helps the team or someone who already solved it.
OS: Linux Mint 21.3 (Ubuntu 22.04 base)
Tizen Studio: latest installed (with Samsung Certificate Extension)
Device: Samsung smartwatch (Tizen) — connected over WLAN (sdb devices shows the watch)
I was able to successfully create a Samsung TV author certificate (produces a valid .p12).
→ So some certificate flows work, but watch cert generation fails.
When trying to create an author certificate for the watch, I repeatedly get:
Warning! Key store type should be PKCS12 or any other valid entry
and sometimes Java stack traces like:
java.security.KeyStoreException: Key store type should be PKCS12 or any other valid entry
Tizen creates author.crt, author.csr and author.pri, but no usable PKCS#12 bundle. Attempts to convert or use the files fail.
Installed and confirmed Samsung Certificate Extension via Package Manager.
Removed old keystore/profile folders and started from zero:
mv ~/.tizen-studio-data/keystore ~/.tizen-studio-data/keystore_backup
mv ~/.tizen-studio-data/certificate-profile ~/.tizen-studio-data/certificate-profile_backup
Created a new Samsung certificate profile in Certificate Manager → chose Create new Author Certificate.
Verified filesystem: Tizen produced a file ~/.tizen-studio-data/keystore/author/authorkey.p12 — but file reports it as generic data (not PKCS#12):
$ file ~/.tizen-studio-data/keystore/author/authorkey.p12
/home/apfel/TizenSDK-data/keystore/author/authorkey.p12: data
~/SamsungCertificate/testsam):# files present:
ls -l ~/SamsungCertificate/testsam
# author.crt, author.csr, author.pri (author.pri size ~1.3K)
openssl pkcs12 -export -in author.crt -inkey author.pri -out author.p12 -name "author_testsam"
# Error:
Could not read private key from -inkey file from author.pri
author.pri exists and is ~1.3K, but OpenSSL cannot read it. This strongly suggests the .pri file is not in a PEM/DER private key format OpenSSL supports (likely proprietary/IDE-specific format).
I also followed the advice in this thread (update Certificate Manager to v2.0.73) and attempted updates — no change for the watch certificate creation.
Verified ownership/permissions of keystore folders — everything owned by my user (no sudo/mix of privileges). Started Tizen Studio as normal user (not root).
TV certificate creation works and produces a valid .p12.
Watch certificate creation does not: the produced authorkey.p12 is not a valid PKCS#12 bundle (file shows data).
The .pri produced for the watch appears to be in a format OpenSSL cannot use.
Manual OpenSSL conversion fails with “Could not read private key”.
Is this a known bug in Certificate Manager (watch-related) where the server or cert manager returns non-PKCS#12 data for watch certs? (Possible endpoints mentioned in thread: dev.tizen.samsung.com / svdca.samsungqbe.com.)
Why does the TV certificate flow succeed while the watch flow produces invalid authorkey.p12 / private key format?
Are there official instructions or a Linux-specific workaround to produce a valid PKCS#12 for Samsung watch author certificates?
.p12?If watch certificate creation is deprecated, can Samsung provide guidance for continuing to develop/watchfaces (signing alternatives, migration path, or a direct signing service)?
Can Samsung publish a manual export method (or an official script) to convert the IDE-produced .pri/.crt into .p12, or fix the endpoint that provides PKCS#12 data?
file output for the broken authorkey.p12
ls -l of the generated author.* files (in ~/SamsungCertificate/testsam)
Certificate Manager logs (if you tell me exact log path to post)
sdb devices -l output showing the watch connected
Thanks in advance — I’m happy to provide any further logs or to test suggested fixes. At the moment this blocks development because I cannot sign/deploy watchfaces to the real device from Linux.
Heiko
pri-key is OK, PKCS#8
Look at my previous message: the bug is server-side. They mixed up the certificates. I hope they didn’t lose them and they’ll fix it, and then everything will work fine for us.
That makes a lot of sense – I was already wondering why my private key seemed fine but the generated .p12 was never valid.
If the error message is misleading and the real issue is that the certificate chain coming from the server is invalid, it explains why none of my local attempts helped.
It’s also good to know that the private key is OK (PKCS#8) and that this is a server-side problem.
So for now it seems we all just have to wait until Samsung fixes the certificate issue on their servers.
Thanks again for the analysis and confirmation – it really helps to clear up the confusion and reduce the frustration.
Thank you @olyen2007
Discussion is ongoing with the development team regarding Tizen Wearable/Mobile.
(post deleted by author)
Thank you Shamima.
Let’s go Samsung! Please, let’s rid of all the certificate requirements. We shouldn’t have this on an EOL device.