keytool : Certificate import gives error message - Keystore was tampered with, or password was incorrect

20
votes

My goal is to generate a certificate, export it in a file and import in JDK keystore.

In first step I have generated a self signed certificate using following command, providing password as 'password' for keystore and key:

keytool   -genkeypair  -keystore .keystore  -alias uasera  -keyalg RSA

In second step I exported the certificate using similar password and following command:

keytool  -exportcert  -keystore  .keystore  -alias usera  -file usera.crt

NOW!

I am trying to import this certificate in cacerts in JDK using similar password and following command but getting exception.

keytool -importcert -file usera.crt -keypass password  -keystore "C:\Program Files\Java\jdk1.7.0_13\jre\lib\security\cacerts"

ERROR

K:\java\certificates>keytool -importcert -file usera.crt -keypass password -keystore "C:\Program Files\Java\jdk1.7.0_13\jre\lib\security\cacerts" Enter keystore password: keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

2
javacertificatekeystorekeytool
-keypass specifies the password for the alias of a single key in the keystore. If you are specifying the password to the keystore file itself, you want to use -storepass.VGR

2 Answers

91
votes

I have got this sorted out. I was using my password that is 'password' to update cacerts keystore in JDK while default password for cacerts keystore is 'changeit'

0
votes

IF you're able to build your app from a PC, but you don't recall the password, here's what you can do to retrieve the password:

Method 1:

In your build.gradle, add println MYAPP_RELEASE_KEY_PASSWORD as below:

signingConfigs {
    release {
        if (project.hasProperty('MYAPP_RELEASE_STORE_FILE')) {
            storeFile file(MYAPP_RELEASE_STORE_FILE)
            storePassword MYAPP_RELEASE_STORE_PASSWORD
            keyAlias MYAPP_RELEASE_KEY_ALIAS
            keyPassword MYAPP_RELEASE_KEY_PASSWORD
            println MYAPP_RELEASE_KEY_PASSWORD
        }
    }
}

After that, run cd android && ./gradlew assembleRelease

Method 2:

Run keytool -list -v -keystore your <.keystore file path> e.g. keytool -list -v -keystore ./app/my-app-key.keystore.

It will ask for you to Enter keystore password: Just press enter key here. and you will be able to find mapped to Alias name:

Then, run grep -rn "<your alias name>" . in your terminal and you will be able to see your signing.json file as below:

./app/build/intermediates/signing_config/release/out/signing-config.json

The file will have your password in json format with key "mKeyPassword":" < your password > "