Reputation: 4208
Change keystore password from no password to a non blank password
I have a jks keystore with no password. When I run the command
keytool -list -keystore mykeystore.jks
And it prompts me for the keystore password, I simply hit 'enter'.
Please note that the keystore password IS NOT the default java password of 'changeit'. It is blank
When I try to run
keytool -storepasswd -keystore mykeystore.jks
to change the password to a non blank string. It firsts prompts me for the current password. Simply hitting enter since it is blank says
keytool -storepasswd -keystore mykeystore.jks
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Just to confirm with everyone that the password is not 'changeit'
keytool -storepasswd -keystore mykeystore.jks
Enter keystore password: changeit
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
Any idea how I can change the keystore password if the existing password is blank?
Upvotes: 58
Views: 212503
Answers (5)
Reputation: 91
Mine did actually have no password (rather than a blank password) so the solution above didn't work. The solution was to import the keystore to a new keystore:
keytool -importkeystore -srckeystore KeystoreWithNoPassword.jks -destkeystore NewKeystore.jks -deststorepass newPassword
Upvotes: 3
Reputation: 856
this way worked better for me:
echo y | keytool -storepasswd -storepass 123456 -keystore /tmp/IT-Root-CA.keystore -import -alias IT-Root-CA -file /etc/pki/ca-trust/source/anchors/IT-Root-CA.crt
machine running:
[root@rhel80-68]# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.1 (Ootpa)
Upvotes: 0
Reputation: 856
On my system the password is 'changeit'. On blank if I hit enter then it complains about short password. Hope this helps
Upvotes: 2
Reputation: 96586
If you're trying to do stuff with the Java default system keystore (cacerts), then the default password is changeit.
You can list keys without needing the password (even if it prompts you) so don't take that as an indication that it is blank.
(Incidentally who in the history of Java ever has changed the default keystore password? They should have left it blank.)
Upvotes: 109
Reputation: 755
Add -storepass to keytool arguments.
keytool -storepasswd -storepass '' -keystore mykeystore.jks
But also notice that -list command does not always require a password. I could execute follow command in both cases: without password or with valid password
$JAVA_HOME/bin/keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
Upvotes: 41
Related Questions
- Keystore change passwords
- Java's keytool doesn't prompt for key password
- Java: Keystore password same as Key(Certificate) password and updating it
- How to import a private key into a Java keystore without knowning the password
- How to change Password of KeyStore File in Java?
- java keystore and password changing
- KeyStore get key without password
- java keystore and password settings
- how to delete java keystore personal/private password
- Changing the password of a java keystore programmatically