Java Keystore – Does the passwords have to be same everywhere?

If I set the password to ABC123 for all prompts then the ActiveMq works fine.

But if I try to play around with different password I get a execption.

Can someone tell me where the passwords has to be same and where it should differ for security reason. And then finally what would be the keystore password and truststore password.

Step 1:

keytool -import -alias "CA" -file /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem -keystore truststore.jks  Enter keystore password: ABC123 

Step 2:

cat /etc/puppetlabs/puppet/ssl/private_keys/activemq.localhost.pem /etc/puppetlabs/puppet/ssl/certs/activemq.localhost.pem > temp.pem 

Step 3:

openssl pkcs12 -export -in temp.pem -out activemq.p12 -name activemq.localhost  Enter Export Password: XYZ123 

Step 4:

keytool -importkeystore -destkeystore keystore.jks -srckeystore activemq.p12 -srcstoretype PKCS12 -alias activemq.localhost  Enter destination keystore password: ABC123 Re-enter new password: ABC123 Enter source keystore password: XYZ123 

And then I try to use this sslContext.

<sslContext>     <sslContext       keyStore="/etc/activemq/keystore.jks"       keyStorePassword="ABC123"       trustStore="/etc/activemq/truststore.jks"       trustStorePassword="ABC123" /> </sslContext> 

But I get the following error. I even tried trustStorePassword as XYZ123 but still it fails.

Invocation of init method failed; nested exception is Cannot recover key