Change keystore password from no password to a non blank password
Solution 1
Add -storepass to keytool arguments.
keytool -storepasswd -storepass '' -keystore mykeystore.jks
But also notice that -list command does not always require a password. I could execute follow command in both cases: without password or with valid password
$JAVA_HOME/bin/keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
Solution 2
If you're trying to do stuff with the Java default system keystore (cacerts
), then the default password is changeit
.
You can list keys without needing the password (even if it prompts you) so don't take that as an indication that it is blank.
(Incidentally who in the history of Java ever has changed the default keystore password? They should have left it blank.)
Solution 3
On my system the password is 'changeit'. On blank if I hit enter then it complains about short password. Hope this helps
Related videos on Youtube
Matthew Kirkley
Updated on February 11, 2021Comments
-
Matthew Kirkley over 3 years
I have a jks keystore with no password. When I run the command
keytool -list -keystore mykeystore.jks
And it prompts me for the keystore password, I simply hit 'enter'.
Please note that the keystore password IS NOT the default java password of 'changeit'. It is blank
When I try to run
keytool -storepasswd -keystore mykeystore.jks
to change the password to a non blank string. It firsts prompts me for the current password. Simply hitting enter since it is blank says
keytool -storepasswd -keystore mykeystore.jks Enter keystore password: Keystore password is too short - must be at least 6 characters
Just to confirm with everyone that the password is not 'changeit'
keytool -storepasswd -keystore mykeystore.jks Enter keystore password: changeit keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
Any idea how I can change the keystore password if the existing password is blank?
-
Matthew Kirkley about 11 yearsThanks for your response. The password indeed wasn't blank! I didn't know that about the -list command not requiring a password.
-
the_marcelo_r almost 11 yearsThat's not working for me 'keytool -storepasswd -storepass '' -keystore mykeystore.jks' = keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
-
Alireza Fattahi over 6 years"You can list keys without needing the password" saved my day :) I find that we can always read the
Certificate Entry
from anykeystore
file without enteringkeystore
password -
duct_tape_coder over 5 years@theMarceloR Your password probably isn't actually blank.
-
JohannesB about 5 years@theMarceloR and anyone else - on Windows command-line use "" (double quotes) for empty string instead of single-quotes.
-
Snedden27 over 4 yearswhen I enter blank the list works but not when I enter changeit, making me think what is the prompt asking me
-
Mirko Cianfarani over 2 yearsI love you!!! You saved me