Skip navigation.
Home
mattfleming.com
Home » personal blog

Java Update for Mac OSX changes the default keystore password

Submitted by Matt Fleming on Mon, 2009-12-14 15:54.

Apple LogoApple decided to change the well-known password of the default Java truststore in their latest updates. I'll file this one under a Let's change the thing and see who complains category.

If you install either:

  • Java for Mac OS X 10.6 Update 1 - Java for Mac OS X 10.6 Update 1
  • Java for Mac OS X 10.5 Update 6 - Java for Mac OS X 10.5 Update 6

The password for the cacerts file was changed to changeme from the usual Sun password of changeit The system cacerts file is located @/Library/Java/Home/lib/security/cacerts

I think they're going to change it back to the original though, but you have two options as a recourse:

  1. Switch all programs that need to access the default truststore to use changeme.
  2. Change the truststore password: sudo keytool -storepasswd -new changeit -keystore /Library/Java/Home/lib/security/cacerts -storepass changeme
»

This update replaces the

Submitted by omidiu on Sat, 2010-01-16 15:05.

This update replaces the Java cacerts file and changes the password from changeit to changeme. The file is:
/System/Library/Frameworks/JavaVM.framework/Resources/Deploy.bundle/Contents/Home/lib/security/cacerts

Zimbra references this file as:
/opt/zimbra/java/lib/security/cacerts

There are two methods you can use to avoid problems: change the cacerts password back to the old value; change Zimbra to use the new password. The key question is whether Apple is going to change the password back in the future. In the discussion above, the Apple engineer suggests that people submit bug requests to have the password changed back.

If you believe that Apple will change the password back to changeit, here is what you should do:

1) zmcontrol stop
2) apply Java update
3) reboot
4) sudo keytool -storepasswd -new changeit -keystore /opt/zimbra/java/lib/security/cacerts -storepass changeme

If you believe that Apple will leave the password as changeme, here is what you should do:

1) zmcontrol stop
2) zmlocalconfig -e mailboxd_truststore_password=changeme
3) apply Java update
4) reboot

_____________________________

omidiu part of Traduceri autorizate team

»