keytool error Keystore was tampered with, or password was incorrect
JavaKeystoreJava Problem Overview
I am getting following error while generating certificates on my local machine.
C:\Users\abc>keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
I think there is some problems in jdk version.I ran the same command on my collegues machine and it is working fine.
Please share your inputs.
Java Solutions
Solution 1 - Java
I solved it by using the default password for cacerts keystore : 'changeit'
Solution 2 - Java
This answer will be helpful for new Mac User (Works for Linux, Window 7 64 bit too).
Empty Password worked in my mac . (paste the below line in terminal)
keytool -list -v -keystore ~/.android/debug.keystore
when it prompt for
Enter keystore password:
just press enter button (Dont type anything).It should work .
Please make sure its for default debug.keystore file , not for your project based keystore file (Password might change for this).
Works well for MacOS Sierra 10.10+ too.
I heard, it works for linux environment as well. i haven't tested that in linux yet.
Solution 3 - Java
From your description I assume you are on windows machine and your home is abc
So Now : Cause
When you run this command
keytool -genkey -alias tomcat -keyalg RSA
because you are not specifying an explicit keystore it will try to generate (and in your case as you are getting exception so to update) keystore C:\users\abc>.keystore and of course you need to provide old password for .keystore while I believe you are providing your version (a new one).
Solution
-
Either delete
.keystorefromC:\users\abc>location and try the command -
or try following command which will create a new xyzkeystore:
keytool -genkey -keystore xyzkeystore -alias tomcat -keyalg RSA
Note: -genkey is old now rather use -genkeypair althought both work equally.
Solution 4 - Java
Solution 5 - Java
I have solve this issue by using default password "changeit".
Solution 6 - Java
Using changeit for the password is important too.
This command finally worked for me(with jetty):
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass changeit -validity 360 -keysize 2048
Solution 7 - Java
In tomcat 8.5 pay attention to write the correct name of attributes. This is my code on server.xml:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/keystore" certificateKeystorePassword="mypassword" type="RSA"/>
</SSLHostConfig>
</Connector>
You can visit https://tomcat.apache.org/tomcat-8.5-doc/config/http.html to see all attributes
Solution 8 - Java
Works on Windows
open command prompt (press Windows Key + R then type "cmd" without quotations in the appearing dialogue box and then press Enter Key).
then type the code sniff below :
- cd C:\Program Files\Java\jdk1.7.0_25\bin
then type following command
- keytool -list -keystore "C:/Documents and Settings/Your Name/.android/debug.keystore"
Then it will ask for Keystore password now. The default password is "android" type and enter or just hit enter "DONT TYPE ANY PASSWORD".
Solution 9 - Java
Check your home folder ~/.gradle/gradle.properties. Sometimes if you have gradle.properties in home directory it takes details from the there. Either you can change that or delete the files. Then it will take required details from your local folder.
Solution 10 - Java
If you are working on signing your Flutter App by following this guide Build and release an Android app and run in to this error. I hope this answer helps you.
In my case I changed the path to store my key.jks. This happened to me because I there was an existing file in that path.
keytool -genkey -v -keystore ~/key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias key
This command stores the key.jks file in your home directory. To store it elsewhere, change the argument you pass to the -keystore parameter.
In my case,
keytool -genkey -v -keystore /Users/Y/Desktop/X/key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias keyYour
i.e Y - Username and X - folder name
Then you will be prompted to Enter keystore password: and Re-enter new password:. Here you can use whatever password you want.
However, keep the keystore file private; don’t check it into public source control!
Solution 11 - Java
Empty password worked for me on my Mac
keytool -list -v -keystore ~/.android/debug.keystore
hit Enter then It's show you
Enter keystore password:
here just hit Enter for empty password
Solution 12 - Java
Summarizing the advices from this page, I finished up with the following:
keytool -genkeypair -keystore ~/.android/release.keystore -alias <my_alias> -storepass <my_cert_pass> -keyalg RSA
Then I got a set of questions regarding name, organization, location and password for my alias.
Solution 13 - Java
I fixed this issue by deleting the output file and running the command again. It turns out it does NOT overwrite the previous file. I had this issue when renewing a let's encrypt cert with tomcat
Solution 14 - Java
For me I solved it by changing passwords from Arabic letter to English letter, but first I went to the folder and deleted the generated key then it works.
Solution 15 - Java
In my case with Xamarin Forms 4.7 and Visual Studio 2019 16.7.0 Preview 3.1, the problem was version mismatch of lately updated Android Build tools (apksigner) and JDK. Updated JDK to latest and pointed the new JDK path on Tools->Options->Xamarin->Android Settings, and it works.
Solution 16 - Java
> keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
I solved my problem when I changed keystore path C:\MyWorks\mykeystore to C:\MyWorks\mykeystore.keystore.
Solution 17 - Java
In my case I was needed to have root access.
Solution 18 - Java
[root@localhost Certificate]# openssl pkcs12 -export -in
/opt/Certificate/115c99f4c5aa98f5.crt -inkey /opt/Certificate/ravi.in.key -certfile
/opt/Certificate/gd_bundle-g2-g1.crt -out RaviNew.p12
Enter Export Password: <Password>
Verifying - Enter Export Password: <Password>
Note :- Above Export Pasworrd write down anywhere because it is must to create JKS file ( It is depend on your choice what password you want to make )
keytool -importkeystore -srckeystore DigiEduNew.p12 -srcstoretype pkcs12 -destkeystore finaldigiEdu.jks -deststoretype JKS
Importing keystore DigiEduNew.p12 to finaldigiEdu.jks...
Enter destination keystore password: <Any Password >
Re-enter new password: <Any Password >
Enter source keystore password: <.P12 Password >
Entry for alias 1 successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or
cancelled
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12
which is an industry standard format using "keytool -importkeystore -srckeystore
finaldigiEdu.jks -destkeystore finaldigiEdu.jks -deststoretype pkcs12".
Solution 19 - Java
Just upgraded to Android Studio 4.2 from 4.0. Apparently, Android Studio silently CHANGED my keystore password, which has been sitting there unchanged and working perfectly without incident for well over a year.
Just had to re-renter both passwords.
Sigh
Solution 20 - Java
If you already have a .store file, you have to use the same password as you did to generate it. So in my case the solution was:
rm *.store
rm *.cer
That may sound odd to you but I'm just trying to learn about keytool and am source controlling my tutorial files and rerunning them later!
Solution 21 - Java
you have two options:
cmd doesn't show the password on the screen while typing
so just type the correct passwd -and be careful- then press enter.
Or just use:
keytool -list -keystore 'keystoreName' -storepass 'type your keystore passwd'
and for Keys' full info, add -v:
keytool -v -list -keystore 'keystoreName' -storepass 'type your keystore passwd'