First export your certificates to a keystore and then import the keystore as a pkcs12 file. If you jave java installed you can use keytool command to accomplish both.

1) /jre/bin/keytool -importcert -alias cert1 -keystore keystore.jks -file Cert1.cer
2) /jre/bin/keytool -importkeystore -srckeystore keystore.jks -srcalias cert1 -destkeystore keystore.p12 -deststoretype PKCS12

首先将您的证书导出到密钥库，然后将密钥库作为 pkcs12 文件导入。如果你安装了 java，你可以使用 keytool 命令来完成这两个任务。

1) /jre/bin/keytool -importcert -alias cert1 -keystore keystore.jks -file Cert1.cer
2) /jre/bin/keytool -importkeystore -srckeystore keystore.jks -srcalias cert1 -destkeystore keystore.p12 -deststoretype PKCS12

Similar steps can be done using openssl too.

也可以使用 openssl 完成类似的步骤。

I got the same error and when it say's 'Do you want to quit the import process? [no]:' keep typing 'no'. It finally said: Import command completed: 1 entries successfully imported, 2 entries failed or cancelled.

我遇到了同样的错误，当它说“你想退出导入过程吗？[不]：'继续输入'不'。最后说：导入命令完成：1个条目成功导入，2个条目失败或取消。

It worked and all my certs were imported into the new format correctly.

它有效并且我所有的证书都正确导入到新格式中。

I just used a older version of keytool executable and the issue was resolved.

我刚刚使用了旧版本的 keytool 可执行文件，问题已解决。

the server on which you sign your certification $(hostname -f).pem should have the same java version as the nodes you plan to import cert like the following:

您签署证书 $(hostname -f).pem 的服务器应该与您计划导入证书的节点具有相同的 Java 版本，如下所示：

$JAVA_HOME/bin/keytool -importcert -alias $(hostname -f) -file /opt/cloudera/security/pki/$(hostname -f).pem -keystore /opt/cloudera/security/pki/$(hostname -f).jks

$JAVA_HOME/bin/keytool -importcert -alias $(hostname -f) -file /opt/cloudera/security/pki/$(hostname -f).pem -keystore /opt/cloudera/security/pki/$(hostname - f).jks

if you take lower version on the server to sign your certification but you take new java version on the nodes for TLS/SSL, you will see the warning.

如果您在服务器上使用较低版本来签署您的证书，但您在 TLS/SSL 的节点上使用新的 java 版本，您将看到警告。