Results 1 to 2 of 2

Thread: Java certificates keystore password isn't allowed to be changed

  1. #1
    Join Date
    Feb 2006
    Location
    France (Haute-Savoie)
    Posts
    123
    Rep Power
    9

    Exclamation Java certificates keystore password isn't allowed to be changed

    Hi all,

    I was configuring the SSL connexion for the web client, and for LDAPs connections (during authentication process), and I found on this forum the following command to add a new certificate to the jre's keystore :
    Code:
    keytool -import -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass "changeit" -alias <alias_name> -file <certfile_name>
    As you can see, the defaut password for this is changeit, so, I tried to change it (as it is said !!! ), with the following command found in the java keytool documentation :
    Code:
    keytool -storepasswd -new <new_keystore_pass> -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass <current_keystore_pass>
    Doing that, Tomcat didn't restart, so I had to go back this modification to be able to launch Tomcat ...

    I think this might be corrected, because it sounds like a part of Zimbra is currently using the default password ...

    Because I don't know if this was the good place here, I opened a support case ("Default keystore password" with "System Down" gravity).

  2. #2
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    Yep changing the keystore pass will require you to make updates to the other places we reference that. The *fix* here may just be to document where we use this password and how to update all of them. A similar thing would happen if you directly changed the mysql or openLDAP password without using our wrapper scripts.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

Similar Threads

  1. [SOLVED] Installing existing SSL certificates (solved)
    By inigoml in forum Administrators
    Replies: 22
    Last Post: 02-24-2009, 09:32 AM
  2. 5.0 Install tasks
    By JoshuaPrismon in forum Installation
    Replies: 2
    Last Post: 06-06-2007, 12:18 PM
  3. httpd resident in memory but not accessible
    By AlexanderH in forum Installation
    Replies: 3
    Last Post: 05-11-2007, 09:19 AM
  4. Nothing's displayed after changed password?!?
    By chotima in forum Administrators
    Replies: 6
    Last Post: 01-26-2006, 07:29 PM
  5. Replies: 0
    Last Post: 12-04-2005, 01:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •