Change keystore password from no password to a non blank password

JavaSslOpensslKeytool

Java Problem Overview

I have a jks keystore with no password. When I run the command

keytool -list -keystore mykeystore.jks

And it prompts me for the keystore password, I simply hit 'enter'.

Please note that the keystore password IS NOT the default java password of 'changeit'. It is blank

When I try to run

keytool -storepasswd -keystore mykeystore.jks

to change the password to a non blank string. It firsts prompts me for the current password. Simply hitting enter since it is blank says

keytool -storepasswd -keystore mykeystore.jks
Enter keystore password:
Keystore password is too short - must be at least 6 characters

Just to confirm with everyone that the password is not 'changeit'

keytool -storepasswd -keystore mykeystore.jks
Enter keystore password:  changeit
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

Any idea how I can change the keystore password if the existing password is blank?

Java Solutions

Solution 1 - Java

If you're trying to do stuff with the Java default system keystore (cacerts), then the default password is changeit.

You can list keys without needing the password (even if it prompts you) so don't take that as an indication that it is blank.

(Incidentally who in the history of Java ever has changed the default keystore password? They should have left it blank.)

Solution 2 - Java

Add -storepass to keytool arguments.

keytool -storepasswd -storepass '' -keystore mykeystore.jks

But also notice that -list command does not always require a password. I could execute follow command in both cases: without password or with valid password

$JAVA_HOME/bin/keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts

Solution 3 - Java

On my system the password is 'changeit'. On blank if I hit enter then it complains about short password. Hope this helps

enter image description here

Solution 4 - Java

this way worked better for me:

echo y | keytool -storepasswd -storepass 123456 -keystore /tmp/IT-Root-CA.keystore -import -alias IT-Root-CA -file /etc/pki/ca-trust/source/anchors/IT-Root-CA.crt

machine running:

[root@rhel80-68]# cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.1 (Ootpa)
Categories
Recommended Java Solutions
Recommended Ssl Solutions
Recommended Openssl Solutions
Recommended Keytool Solutions

Previous Solution:

Java SSLHandshakeException "no cipher suites in common"

JavaSslSslhandshakeexception

Next Solution:

Why is forEach not working for children?

JavascriptFor LoopForeachParent Child

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionMatthew KirkleyView Question on Stackoverflow
Solution 1 - JavaTimmmmView Answer on Stackoverflow
Solution 2 - JavaijrandomView Answer on Stackoverflow
Solution 3 - JavaKaranView Answer on Stackoverflow
Solution 4 - JavaEduardo CerqueiraView Answer on Stackoverflow