[java] How do I get into a non-password protected Java keystore or change the password?

I'm trying to import a trusted certificated into the Java cacerts keystore, but I have a problem. I tried to list existing trusted certificates and it seems that the keystore isn't password protected.

$ keytool -list -keystore cacerts
Enter keystore password:

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 76 entries

I tried to import a trusted certificate:

$ keytool -importcert -alias "JiraCert" -file /root/c9ssl.crt -keystore /etc/java-6-sun/security/cacerts
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Too many failures - try later

I also tried to change the password from "none" to something:

$ keytool -storepasswd -keystore cacerts.back
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later

This question is related to java keystore keytool atlassian-fisheye

The answer is


Mac Mountain Lion has the same password now it uses Oracle.


Getting into a non-password protected Java keystore and changing the password can be done with a help of Java programming language itself.

That article contains the code for that:

thetechawesomeness.ideasmatter.info


The password of keystore by default is: "changeit". I functioned to my commands you entered here, for the import of the certificate. I hope you have already solved your problem.


which means that cacerts keystore isn't password protected

That's a false assumption. If you read more carefully, you'll find that the listing was provided without verifying the integrity of the keystore because you didn't provide the password. The listing doesn't require a password, but your keystore definitely has a password, as indicated by:

In order to verify its integrity, you must provide your keystore password.

Java's default cacerts password is "changeit", unless you're on a Mac, where it's "changeme" up to a certain point. Apparently as of Mountain Lion (based on comments and another answer here), the password for Mac is now also "changeit", probably because Oracle is now handling distribution for the Mac JVM as well.


Examples related to java

Under what circumstances can I call findViewById with an Options Menu / Action Bar item? How much should a function trust another function How to implement a simple scenario the OO way Two constructors How do I get some variable from another class in Java? this in equals method How to split a string in two and store it in a field How to do perspective fixing? String index out of range: 4 My eclipse won't open, i download the bundle pack it keeps saying error log

Examples related to keystore

What is difference between cacerts and keystore? Where is debug.keystore in Android Studio keytool error Keystore was tampered with, or password was incorrect How to add certificate chain to keystore? Default keystore file does not exist? How to list the certificates stored in a PKCS12 keystore with keytool? How to check certificate name and alias in keystore files? How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default? What certificates are trusted in truststore? Difference between .keystore file and .jks file

Examples related to keytool

Keytool is not recognized as an internal or external command I have never set any passwords to my keystore and alias, so how are they created? Importing the private-key/public-certificate pair in the Java KeyStore keytool error bash: keytool: command not found How to add certificate chain to keystore? Change keystore password from no password to a non blank password How can I create keystore from an existing certificate (abc.crt) and abc.key files? Openssl is not recognized as an internal or external command How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default? Java Keytool error after importing certificate , "keytool error: java.io.FileNotFoundException & Access Denied"

Examples related to atlassian-fisheye

How do I get into a non-password protected Java keystore or change the password?