How do I get into a non-password protected Java keystore or change the password?
I'm trying to import a trusted certificated into the Java cacerts keystore, but I have a problem. I tried to list existing trusted certificates and it seems that the keystore isn't password protected.
$ keytool -list -keystore cacerts
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 76 entries
I tried to import a trusted certificate:
$ keytool -importcert -alias "JiraCert" -file /root/c9ssl.crt -keystore /etc/java-6-sun/security/cacerts
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later
I also tried to change the password from "none" to something:
$ keytool -storepasswd -keystore cacerts.back
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later
Solution 1:
which means that cacerts keystore isn't password protected
That's a false assumption. If you read more carefully, you'll find that the listing was provided without verifying the integrity of the keystore because you didn't provide the password. The listing doesn't require a password, but your keystore definitely has a password, as indicated by:
In order to verify its integrity, you must provide your keystore password.
Java's default cacerts password is "changeit", unless you're on a Mac, where it's "changeme" up to a certain point. Apparently as of Mountain Lion (based on comments and another answer here), the password for Mac is now also "changeit", probably because Oracle is now handling distribution for the Mac JVM as well.
Solution 2:
The password of keystore by default is: "changeit". I functioned to my commands you entered here, for the import of the certificate. I hope you have already solved your problem.
Solution 3:
In case if dealing with Google sign-in for android, the password for the debug keystore is android
, as specified in here: https://developers.google.com/android/guides/client-auth