I am trying to register a corporate certificate for https connection in OpenJDK
I ran the following command in OpenJDK
verion 8. It asked me to enter in the password. The default password for Oracle JDK is "changeit", but it doesn't work with OpenJDK
I have tried to use the password changeit
but it didn't work.
OpenJDK 8:
D:\java8\bin\keytool.exe -keystore "D:\java8\jre\lib\security\cacerts" -importcert -alias sds -file C:\Users\SDS\SDS.crt
OpenJDK version 11:
D:\jdk-11.0.2\lib\security>D:\jdk-11.0.2\bin\keytool.exe -keystore D:\jdk-11.0.2\lib\security\cacerts -importcert -alias sds -file C:\Users\SDS\SDS.crt
OpenJDK 8 :
keytool 오류: java.io.IOException: Keystore was tampered with, or password was incorrect
OpenJDK version 11, the same problem occurs:
Warning: use -cacerts option to access cacerts keystore
Enter keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was
For OpenJDK 8, first double check the password:
cd D:\java8\jre\lib\security
keytool -list -keystore cacerts -storepass changeit
If it continues to give you the same error, find the exact version of your Java 8 installation and download the corresponding ZIP archive from AdoptOpenJDK (e.g. OpenJDK8U-jre_x64_windows_hotspot_8u212b04.zip).
Extract the cacerts
file (lib/security/cacerts
) and using a binary diff tool (e.g. fc) compare the contents of the cacerts
file from the downloaded archive to your local version. If they are not identical, it is possible that your D:\java8\jre\lib\security\cacerts
file has been modified.
You can follow a similar procedure for validating the OpenJDK 11's cacerts
file.
Also: you don't need to import the custom certificates into the the original D:\java8\jre\lib\security\cacerts
file. I personally rarely do that. Instead, keep the original but create a copy of it in a custom folder and add your corporate certificates to that. In your case, you can copy the cacerts
file from the ZIP file and move it to your home directory and add your corporate certificates to that, as you don't know the password for D:\java8\jre\lib\security\cacerts
.
Then when you run a Java program, configure it to use your custom cacerts
file instead of the default cacerts
file:
java -Djavax.net.ssl.trustStore=path/to/custom/cacerts
-Djavax.net.ssl.trustStorePassword=changeit
...
One more thing: ask your administrator -- maybe he has deliberately changed the password for the cacerts
file.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With