keytool error Keystore was tampered with, or password was incorrect

Question

I am getting following error while generating certificates on my local machine.

C:\Users\abc>keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

I think there is some problems in jdk version.I ran the same command on my collegues machine and it is working fine.

Please share your inputs.

Answer 1

I solved it by using the default password for cacerts keystore : 'changeit'

Answer 2

This answer will be helpful for new Mac User (Works for Linux, Window 7 64 bit too).

Empty Password worked in my mac . (paste the below line in terminal)

keytool -list -v -keystore ~/.android/debug.keystore

when it prompt for

Enter keystore password:  

just press enter button (Dont type anything).It should work .

Please make sure its for default debug.keystore file , not for your project based keystore file (Password might change for this).

Works well for MacOS Sierra 10.10+ too.

I heard, it works for linux environment as well. i haven't tested that in linux yet.

Answer 3

The default password for the debug keystore is android.

Answer 4

I have solve this issue by using default password "changeit".

Answer 5

Using changeit for the password is important too.

This command finally worked for me(with jetty):

 keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass changeit -validity 360 -keysize 2048

Answer 6

In tomcat 8.5 pay attention to write the correct name of attributes. This is my code on server.xml:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/keystore" certificateKeystorePassword="mypassword" type="RSA"/>
    </SSLHostConfig>
</Connector>

You can visit https://tomcat.apache.org/tomcat-8.5-doc/config/http.html to see all attributes

Answer 7

Works on Windows

open command prompt (press Windows Key + R then type "cmd" without quotations in the appearing dialogue box and then press Enter Key).

then type the code sniff below :

1. cd C:\Program Files\Java\jdk1.7.0_25\bin

then type following command

2. keytool -list -keystore "C:/Documents and Settings/Your Name/.android/debug.keystore"

Then it will ask for Keystore password now. The default password is "android" type and enter or just hit enter "DONT TYPE ANY PASSWORD".

Answer 8

Check your home folder ~/.gradle/gradle.properties. Sometimes if you have gradle.properties in home directory it takes details from the there. Either you can change that or delete the files. Then it will take required details from your local folder.

Answer 9

If you are working on signing your Flutter App by following this guide Build and release an Android app and run in to this error. I hope this answer helps you.

In my case I changed the path to store my key.jks. This happened to me because I there was an existing file in that path.

keytool -genkey -v -keystore ~/key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias key

This command stores the key.jks file in your home directory. To store it elsewhere, change the argument you pass to the -keystore parameter.

In my case,

keytool -genkey -v -keystore /Users/Y/Desktop/X/key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias keyYour

i.e Y - Username and X - folder name

Then you will be prompted to Enter keystore password: and Re-enter new password:. Here you can use whatever password you want.

However, keep the keystore file private; don’t check it into public source control!

Answer 10

Empty password worked for me on my Mac

keytool -list -v -keystore ~/.android/debug.keystore 

hit Enter then It's show you

Enter keystore password:  

here just hit Enter for empty password

Answer 11

Summarizing the advices from this page, I finished up with the following:

keytool -genkeypair -keystore ~/.android/release.keystore -alias <my_alias> -storepass <my_cert_pass> -keyalg RSA

Then I got a set of questions regarding name, organization, location and password for my alias.

Answer 12

I fixed this issue by deleting the output file and running the command again. It turns out it does NOT overwrite the previous file. I had this issue when renewing a let's encrypt cert with tomcat

Answer 13

For me I solved it by changing passwords from Arabic letter to English letter, but first I went to the folder and deleted the generated key then it works.

Answer 14

In my case with Xamarin Forms 4.7 and Visual Studio 2019 16.7.0 Preview 3.1, the problem was version mismatch of lately updated Android Build tools (apksigner) and JDK. Updated JDK to latest and pointed the new JDK path on Tools->Options->Xamarin->Android Settings, and it works.

Answer 15

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

I solved my problem when I changed keystore path C:\MyWorks\mykeystore to C:\MyWorks\mykeystore.keystore.

Answer 16

In my case I was needed to have root access.

Answer 17

 [root@localhost Certificate]# openssl pkcs12 -export -in 
 /opt/Certificate/115c99f4c5aa98f5.crt -inkey /opt/Certificate/ravi.in.key -certfile 
/opt/Certificate/gd_bundle-g2-g1.crt -out RaviNew.p12

Enter Export Password: <Password>
Verifying - Enter Export Password: <Password>

Note :- Above Export Pasworrd write down anywhere because it is must to create JKS file ( It is depend on your choice what password you want to make )

  keytool -importkeystore -srckeystore DigiEduNew.p12 -srcstoretype pkcs12 -destkeystore finaldigiEdu.jks -deststoretype JKS
  Importing keystore DigiEduNew.p12 to finaldigiEdu.jks...
  Enter destination keystore password: <Any Password >
  Re-enter new password: <Any Password >
  Enter source keystore password: <.P12 Password >
  Entry for alias 1 successfully imported.
  Import command completed:  1 entries successfully imported, 0 entries failed or 
  cancelled



 Warning:
 The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 
 which is an industry standard format using "keytool -importkeystore -srckeystore 
 finaldigiEdu.jks -destkeystore finaldigiEdu.jks -deststoretype pkcs12".

Answer 18

Just upgraded to Android Studio 4.2 from 4.0. Apparently, Android Studio silently CHANGED my keystore password, which has been sitting there unchanged and working perfectly without incident for well over a year.

Just had to re-renter both passwords.

Sigh

Answer 19

If you already have a .store file, you have to use the same password as you did to generate it. So in my case the solution was:

rm *.store
rm *.cer

That may sound odd to you but I'm just trying to learn about keytool and am source controlling my tutorial files and rerunning them later!

Answer 20

you have two options:

cmd doesn't show the password on the screen while typing
so just type the correct passwd -and be careful- then press enter.

Or just use:

keytool -list -keystore 'keystoreName' -storepass 'type your keystore passwd'

and for Keys' full info, add -v:

keytool -v -list -keystore 'keystoreName' -storepass 'type your keystore passwd'