如何进入不受密码保护的 Java 密钥库或更改密码？

java keystore keytool atlassian-fisheye

2022-08-31 08:32:49

我正在尝试将受信任的证书导入到Java cacerts密钥库中，但我遇到了问题。我试图列出现有的可信证书，似乎密钥库没有密码保护。

$ keytool -list -keystore cacerts
Enter keystore password:

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 76 entries

我尝试导入受信任的证书：

$ keytool -importcert -alias "JiraCert" -file /root/c9ssl.crt -keystore /etc/java-6-sun/security/cacerts
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Too many failures - try later

我还尝试将密码从“无”更改为：

$ keytool -storepasswd -keystore cacerts.back
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later

答案 1

这意味着 cacerts 密钥库不受密码保护

这是一个错误的假设。如果您仔细阅读，您会发现列表是在未验证密钥库的完整性的情况下提供的，因为您没有提供密码。该列表不需要密码，但您的密钥库肯定有密码，如以下所示：

为了验证其完整性，您必须提供密钥库密码。

Java的默认cacerts密码是“changeit”，除非你在Mac上，在那里它是“changeme”到某个点。显然，从Mountain Lion（基于此处的评论和另一个答案）开始，Mac的密码现在也是“changeit”，可能是因为Oracle现在也在处理Mac JVM的分发。

答案 2

缺省情况下，密钥库的密码为：“changeit”。我按照您在此处输入的命令运行，用于导入证书。我希望你已经解决了你的问题。