Do not use JCEKS Keystore format Identifies usage of the JCEKS keystore format, which is not supported in OpenJDK 11+ and Semeru runtimes. HIGH Security The JCEKS keystore format is no longer supported in OpenJDK 11+ and Semeru runtimes. Migrate to PKCS12 to avoid compatibility issues.
Do not use JCEKS Keystore format

The JCEKS keystore format was supported in IBM 8 but is not available in OpenJDK 11+ and Semeru runtimes. Applications using KeyStore.getInstance("JCEKS") may experience failures after migration.

This rule detects and flags the use of KeyStore.getInstance("JCEKS"). Developers should update their applications to use PKCS12 for compatibility.

Example of affected code:

KeyStore keystore = KeyStore.getInstance("JCEKS");

Recommended replacement:

KeyStore keystore = KeyStore.getInstance("PKCS12");

To convert an existing JCEKS keystore to PKCS12, use the following command:

keytool -importkeystore -srckeystore mykeystore.jceks -destkeystore mykeystore.p12 -srcstoretype JCEKS -deststoretype PKCS12

For more information, see the following resources: