Sealer alias case sensitivity

Brent Putman putmanb at
Tue Dec 8 12:41:05 EST 2015

On 12/8/15 9:49 AM, Cantor, Scott wrote:
> On 12/8/15, 12:52 AM, "users on behalf of Yavor Yanakiev" <users-bounces at on behalf of yavor at> wrote:
>> The utility
>> changes upercase characters in the alias name to lowercase without any warning, if you want to use a custom alias with capital letters.
> If anything's doing that, it's probably Java. We're not doing anything but trimming it.

It is Java.  From the KeyStore Javadocs:

>> Whether aliases are case sensitive is implementation dependent. In
>> order to avoid problems, it is recommended not to use aliases in a
>> KeyStore that only differ in case.
I know from personal experience, and confirmed by googling, that
Oracle's standard (non-SecretKey) impl (type "JKS" from the SUN
provider) is case-insensitive, and always lowercases the alias that you
give it.  I would assume it's the same for the "JCEKS" type used here
for SecretKey support. ******************* Addendum: New to me, I did
just discover that they purportedly have a different impl (type
"CaseExactJKS") that supports case-sensitive aliases. [1]  I have not
tried it.  That probably does not provide the "JCEKS" and SecretKey
support needed here though.  Maybe they have a corresponding
"CaseExactJCEKS" or something, but I think you'd have to consistently
configure that type everywhere in the system.  I doubt it would be
worth the trouble. [1]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list