如何进入不受密码保护的Java密钥库或更改密码?


121

我正在尝试将受信任的证书导入Java cacerts密钥库,但是我遇到了问题。我试图列出现有的受信任证书,但似乎密钥库没有密码保护。

$ keytool -list -keystore cacerts
Enter keystore password:

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 76 entries

我尝试导入受信任的证书:

$ keytool -importcert -alias "JiraCert" -file /root/c9ssl.crt -keystore /etc/java-6-sun/security/cacerts
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Too many failures - try later

我还尝试将密码从“无”更改为:

$ keytool -storepasswd -keystore cacerts.back
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later

Answers:


206

这意味着cacerts密钥库不受密码保护

这是一个错误的假设。如果您仔细阅读,则会发现该清单是在未验证密钥库完整性的情况下提供的,因为您没有提供密码。该清单不需要密码,但是您的密钥库肯定有密码,如以下所示:

为了验证其完整性,您必须提供密钥库密码。

Java的默认cacerts密码为“ changeit”,除非您使用的是Mac上的“ changeme”密码,直到特定点为止。显然,从Mountain Lion(基于注释和此处的另一个答案)开始,Mac的密码现在也变成了“ changeit”,这可能是因为Oracle现在也在处理Mac JVM的分发。


谢谢!我不知道为什么输入密码!
杰西·巴纳姆

2
是的,谢谢。多么糟糕的默认密码。我也不知道是什么。我只是删除了cacerts文件,然后将其替换为自己的文件。
HeyWatchThis 2012年

3
如下datasmid所述,如果您正在运行Mountain Lion,则Mac密码也是“ changeit”
Niro

19
“ Java的默认cacerts密码是“ changeit””:如果可以的话,+ 1000!谢谢Stackoverflow!
尼尔·瓦斯

55

默认情况下,密钥库的密码为:“ changeit”。我执行了您在此处输入的用于导入证书的命令。希望您已经解决了您的问题。



By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.