Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

OpenJDK keytool password

Tags:

java

keytool

jsse

I am trying to register a corporate certificate for https connection in OpenJDK

I ran the following command in OpenJDK verion 8. It asked me to enter in the password. The default password for Oracle JDK is "changeit", but it doesn't work with OpenJDK

I have tried to use the password changeit but it didn't work.

OpenJDK 8:

D:\java8\bin\keytool.exe -keystore "D:\java8\jre\lib\security\cacerts" -importcert -alias sds -file C:\Users\SDS\SDS.crt

OpenJDK version 11:

D:\jdk-11.0.2\lib\security>D:\jdk-11.0.2\bin\keytool.exe -keystore D:\jdk-11.0.2\lib\security\cacerts -importcert -alias sds -file C:\Users\SDS\SDS.crt

OpenJDK 8 :

keytool 오류: java.io.IOException: Keystore was tampered with, or password was incorrect

OpenJDK version 11, the same problem occurs:

Warning: use -cacerts option to access cacerts keystore
Enter keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was
like image 242
Jae Kim Avatar asked Oct 16 '22 13:10

Jae Kim


1 Answers

For OpenJDK 8, first double check the password:

cd D:\java8\jre\lib\security
keytool -list -keystore cacerts -storepass changeit

If it continues to give you the same error, find the exact version of your Java 8 installation and download the corresponding ZIP archive from AdoptOpenJDK (e.g. OpenJDK8U-jre_x64_windows_hotspot_8u212b04.zip).

Extract the cacerts file (lib/security/cacerts) and using a binary diff tool (e.g. fc) compare the contents of the cacerts file from the downloaded archive to your local version. If they are not identical, it is possible that your D:\java8\jre\lib\security\cacerts file has been modified.

You can follow a similar procedure for validating the OpenJDK 11's cacerts file.

Also: you don't need to import the custom certificates into the the original D:\java8\jre\lib\security\cacerts file. I personally rarely do that. Instead, keep the original but create a copy of it in a custom folder and add your corporate certificates to that. In your case, you can copy the cacerts file from the ZIP file and move it to your home directory and add your corporate certificates to that, as you don't know the password for D:\java8\jre\lib\security\cacerts.

Then when you run a Java program, configure it to use your custom cacerts file instead of the default cacerts file:

java -Djavax.net.ssl.trustStore=path/to/custom/cacerts
     -Djavax.net.ssl.trustStorePassword=changeit
     ...

One more thing: ask your administrator -- maybe he has deliberately changed the password for the cacerts file.

like image 109
Behrang Avatar answered Oct 19 '22 00:10

Behrang