22

My goal is to generate a certificate, export it in a file and import in JDK keystore.

In first step I have generated a self signed certificate using following command, providing password as 'password' for keystore and key:

keytool   -genkeypair  -keystore .keystore  -alias uasera  -keyalg RSA

In second step I exported the certificate using similar password and following command:

keytool  -exportcert  -keystore  .keystore  -alias usera  -file usera.crt

NOW!

I am trying to import this certificate in cacerts in JDK using similar password and following command but getting exception.

keytool -importcert -file usera.crt -keypass password  -keystore "C:\Program Files\Java\jdk1.7.0_13\jre\lib\security\cacerts"

ERROR

K:\java\certificates>keytool -importcert -file usera.crt -keypass password -keystore "C:\Program Files\Java\jdk1.7.0_13\jre\lib\security\cacerts" Enter keystore password: keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

Cœur
  • 37,241
  • 25
  • 195
  • 267
Kalher
  • 3,613
  • 2
  • 24
  • 34
  • `-keypass` specifies the password for the alias of a single key in the keystore. If you are specifying the password to the keystore file itself, you want to use `-storepass`. – VGR Jun 06 '13 at 15:31

2 Answers2

98

I have got this sorted out. I was using my password that is 'password' to update cacerts keystore in JDK while default password for cacerts keystore is 'changeit'

Kalher
  • 3,613
  • 2
  • 24
  • 34
  • 2
    Thanks I was just about to post my related question when i stumbled upon this. With me the inverse was happening, I was using 'changeit' when i should have been using 'password' – L-Samuels Jun 02 '14 at 17:58
  • 1
    As an added note, if you're trying to use the `cacerts` keystore, you should use the `-cacerts` argument instead of `-keystore ` to handle it. – code_dredd Jun 20 '18 at 23:00
  • 1
    I never knew the default password is `changeit` – Edijae Crusar Jun 05 '19 at 10:40
0

IF you're able to build your app from a PC, but you don't recall the password, here's what you can do to retrieve the password:

Method 1:

In your build.gradle, add println MYAPP_RELEASE_KEY_PASSWORD as below:

signingConfigs {
    release {
        if (project.hasProperty('MYAPP_RELEASE_STORE_FILE')) {
            storeFile file(MYAPP_RELEASE_STORE_FILE)
            storePassword MYAPP_RELEASE_STORE_PASSWORD
            keyAlias MYAPP_RELEASE_KEY_ALIAS
            keyPassword MYAPP_RELEASE_KEY_PASSWORD
            println MYAPP_RELEASE_KEY_PASSWORD
        }
    }
}

After that, run cd android && ./gradlew assembleRelease

Method 2:

Run keytool -list -v -keystore your <.keystore file path> e.g. keytool -list -v -keystore ./app/my-app-key.keystore.

It will ask for you to Enter keystore password: Just press enter key here. and you will be able to find mapped to Alias name:

Then, run grep -rn "<your alias name>" . in your terminal and you will be able to see your signing.json file as below:

./app/build/intermediates/signing_config/release/out/signing-config.json

The file will have your password in json format with key "mKeyPassword":" < your password > "