Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

OpenJDK keytool password

Tags:

java

keytool

jsse

I am trying to register a corporate certificate for https connection in OpenJDK

I ran the following command in OpenJDK verion 8. It asked me to enter in the password. The default password for Oracle JDK is "changeit", but it doesn't work with OpenJDK

I have tried to use the password changeit but it didn't work.

OpenJDK 8:

D:\java8\bin\keytool.exe -keystore "D:\java8\jre\lib\security\cacerts" -importcert -alias sds -file C:\Users\SDS\SDS.crt

OpenJDK version 11:

D:\jdk-11.0.2\lib\security>D:\jdk-11.0.2\bin\keytool.exe -keystore D:\jdk-11.0.2\lib\security\cacerts -importcert -alias sds -file C:\Users\SDS\SDS.crt

OpenJDK 8 :

keytool 오류: java.io.IOException: Keystore was tampered with, or password was incorrect

OpenJDK version 11, the same problem occurs:

Warning: use -cacerts option to access cacerts keystore
Enter keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was
like image 242
Jae Kim Avatar asked Oct 16 '22 13:10

Jae Kim

1 Answers

For OpenJDK 8, first double check the password:

cd D:\java8\jre\lib\security
keytool -list -keystore cacerts -storepass changeit

If it continues to give you the same error, find the exact version of your Java 8 installation and download the corresponding ZIP archive from AdoptOpenJDK (e.g. OpenJDK8U-jre_x64_windows_hotspot_8u212b04.zip).

Extract the cacerts file (lib/security/cacerts) and using a binary diff tool (e.g. fc) compare the contents of the cacerts file from the downloaded archive to your local version. If they are not identical, it is possible that your D:\java8\jre\lib\security\cacerts file has been modified.

You can follow a similar procedure for validating the OpenJDK 11's cacerts file.

Also: you don't need to import the custom certificates into the the original D:\java8\jre\lib\security\cacerts file. I personally rarely do that. Instead, keep the original but create a copy of it in a custom folder and add your corporate certificates to that. In your case, you can copy the cacerts file from the ZIP file and move it to your home directory and add your corporate certificates to that, as you don't know the password for D:\java8\jre\lib\security\cacerts.

Then when you run a Java program, configure it to use your custom cacerts file instead of the default cacerts file: 

java -Djavax.net.ssl.trustStore=path/to/custom/cacerts
     -Djavax.net.ssl.trustStorePassword=changeit
     ...

One more thing: ask your administrator -- maybe he has deliberately changed the password for the cacerts file.

like image 109
Behrang Avatar answered Oct 19 '22 00:10

Behrang
Sign in to Comment

Related questions

Why open a non-existing package from a Java module?
Using Lambda and Streams in For each and returning result
Using Java to verify signature created in Golang
Timestamp for this request is outside of the recvWindow
Is there a way to provide default values for env variables in a properties file with apache-commons?
regexp to match simple markdown
What does java.lang.NoSuchMethodError: No virtual method fetchProvidersForEmail(Ljava/lang/String;)Lcom/google/android/gms/tasks/Task; mean?
How is string pool measured in terms of buckets in java
Which resources should be closed?
Graal native-image of swing app: Detected a started Thread in the image heap
How to avoid interstitial ad to reload after closing it
Clear array across all threads
What does new ClassName[0] do? (Java 8)
Spring Initializr Basic Project Won't Build
Displaying popup windows while running in the background?
Set ripple effect on Image View
Why runtime exception is unchecked exception?
Why is the finalize() method deprecated in Java 9?
Can't install Eclipse - "Failed to create the Java Virtual Machine" on Mac
Spring MVC 3: Returning XML through @ResponseBody

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!