如何进入非密码保护的Java密钥库或更改密码？ [英] How do I get into a non-password protected Java keystore or change the password?

问题描述

我正在尝试将受信任的证书导入 Java cacerts keystore ，但我有一个问题。我试图列出现有的可信证书，似乎密钥库没有密码保护。

I'm trying to import a trusted certificated into the Java cacerts keystore, but I have a problem. I tried to list existing trusted certificates and it seems that the keystore isn't password protected.

$ keytool -list -keystore cacerts
Enter keystore password:

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 76 entries

我尝试导入可信证书：

$ keytool -importcert -alias "JiraCert" -file /root/c9ssl.crt -keystore /etc/java-6-sun/security/cacerts
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Enter keystore password:  
Keystore password is too short - must be at least 6 characters
Too many failures - try later

我还尝试将密码从无更改为：

I also tried to change the password from "none" to something:

$ keytool -storepasswd -keystore cacerts.back
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Too many failures - try later

推荐答案

这意味着什么cacerts密钥库没有密码保护

which means that cacerts keystore isn't password protected

这是一个错误的假设。如果您仔细阅读，您会发现列表是在未验证密钥库完整性的情况下提供的，因为您没有提供密码。该列表不需要密码，但您的密钥库肯定有密码，如下所示：

That's a false assumption. If you read more carefully, you'll find that the listing was provided without verifying the integrity of the keystore because you didn't provide the password. The listing doesn't require a password, but your keystore definitely has a password, as indicated by:

为了验证其完整性，你必须提供你的密钥库密码。

In order to verify its integrity, you must provide your keystore password.

Java的默认cacerts密码是changeit，除非你在Mac上，它是改变到某一点。显然，对于Mountain Lion（基于评论和此处的另一个答案），Mac的密码现在也是改变，可能是因为Oracle现在也处理Mac JVM的分发。

Java's default cacerts password is "changeit", unless you're on a Mac, where it's "changeme" up to a certain point. Apparently as of Mountain Lion (based on comments and another answer here), the password for Mac is now also "changeit", probably because Oracle is now handling distribution for the Mac JVM as well.

这篇关于如何进入非密码保护的Java密钥库或更改密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！