OpenJDK keytool password

2

7

I am trying to register a corporate certificate for HTTPS connections in OpenJDK.

I ran the following command in OpenJDK version 8. It asked me to enter the password. The default password for Oracle JDK is "changeit", but it doesn't work with OpenJDK.

I have tried to use the password changeit but it didn't work.

OpenJDK 8:

D:\java8\bin\keytool.exe -keystore "D:\java8\jre\lib\security\cacerts" -importcert -alias sds -file C:\Users\SDS\SDS.crt

OpenJDK version 11:

D:\jdk-11.0.2\lib\security>D:\jdk-11.0.2\bin\keytool.exe -keystore D:\jdk-11.0.2\lib\security\cacerts -importcert -alias sds -file C:\Users\SDS\SDS.crt

OpenJDK 8 :

keytool 오류: java.io.IOException: Keystore was tampered with, or password was incorrect

OpenJDK version 11, the same problem occurs:

Warning: use -cacerts option to access cacerts keystore
Enter keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was
Riverside answered 2/7, 2019 at 7:23 Comment(2)
Someone probably has taken changeit to heart and changed it. You might be able to find the password in the configuration/properties file of any installed Java supporting web server. - Witch
You will certainly find it in the documentation. Look harder. - Matt
9

For OpenJDK 8, first double check the password:

cd D:\java8\jre\lib\security
keytool -list -keystore cacerts -storepass changeit

If it continues to give you the same error, find the exact version of your Java 8 installation and download the corresponding ZIP archive from AdoptOpenJDK (e.g. OpenJDK8U-jre_x64_windows_hotspot_8u212b04.zip).

Extract the cacerts file (lib/security/cacerts) and using a binary diff tool (e.g. fc) compare the contents of the cacerts file from the downloaded archive to your local version. If they are not identical, it is possible that your D:\java8\jre\lib\security\cacerts file has been modified.

You can follow a similar procedure for validating OpenJDK 11's cacerts file.

Also: you don't need to import the custom certificates into the original D:\java8\jre\lib\security\cacerts file. I personally rarely do that. Instead, keep the original but create a copy of it in a custom folder and add your corporate certificates to that. In your case, you can copy the cacerts file from the ZIP file and move it to your home directory and add your corporate certificates to that, as you don't know the password for D:\java8\jre\lib\security\cacerts.

Then when you run a Java program, configure it to use your custom cacerts file instead of the default cacerts file:

java -Djavax.net.ssl.trustStore=path/to/custom/cacerts
     -Djavax.net.ssl.trustStorePassword=changeit
     ...

One more thing: ask your administrator -- maybe he has deliberately changed the password for the cacerts file.

Knott answered 2/7, 2019 at 11:47 Comment(0)
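The procedure from the answer above as one PowerShell script. This is an added example, not code from the original answer: it hashes the installed cacerts against the copy extracted from the matching archive, builds a separate trust store from the pristine copy, and imports the corporate certificate into that. The `$reference` and `$customDir` locations are assumptions; the other paths and the `sds` alias come from the question.

```powershell
# Added example. Paths marked "assumed" are placeholders, not from the original post.
$ErrorActionPreference = 'Stop'

$keytool   = 'D:\java8\bin\keytool.exe'                   # from the question
$installed = 'D:\java8\jre\lib\security\cacerts'          # from the question
$reference = 'C:\Temp\openjdk8-jre\lib\security\cacerts'  # assumed: extracted from the ZIP of the exact same build
$corpCert  = 'C:\Users\SDS\SDS.crt'                       # from the question
$customDir = Join-Path $env:USERPROFILE 'truststore'      # assumed location for the custom store
$custom    = Join-Path $customDir 'cacerts'
$storePass = 'changeit'                                   # password of the cacerts shipped in the archive

# 1. Compare the installed trust store with the pristine one (SHA-256 instead of fc).
$hInstalled = (Get-FileHash -Path $installed -Algorithm SHA256).Hash
$hReference = (Get-FileHash -Path $reference -Algorithm SHA256).Hash
if ($hInstalled -eq $hReference) {
    Write-Host 'Installed cacerts is identical to the reference copy.'
} else {
    Write-Warning 'Installed cacerts differs from the reference copy; it may have been modified (entries or password).'
    Write-Host "installed: $hInstalled"
    Write-Host "reference: $hReference"
}

# 2. Start the custom store from the pristine copy; the JDK's own file is never written to.
#    -Force replaces an existing custom store, so earlier imports into it are lost.
New-Item -ItemType Directory -Path $customDir -Force | Out-Null
Copy-Item -Path $reference -Destination $custom -Force

# 3. Import the corporate certificate. keytool prints the certificate and asks
#    "Trust this certificate?"; check the fingerprint against the one your CA team publishes.
& $keytool -importcert -keystore $custom -storepass $storePass -alias sds -file $corpCert
if ($LASTEXITCODE -ne 0) { throw "keytool -importcert failed (exit code $LASTEXITCODE)" }

# 4. Confirm the entry is present in the custom store.
& $keytool -list -keystore $custom -storepass $storePass -alias sds
if ($LASTEXITCODE -ne 0) { throw "alias 'sds' not found in $custom" }

# 5. JVM options that make a Java program use the custom store.
Write-Host "java -Djavax.net.ssl.trustStore=`"$custom`" -Djavax.net.ssl.trustStorePassword=$storePass ..."
```

A hash mismatch in step 1 only shows that the file is not the shipped one; an administrator adding certificates or changing the password produces the same result as any other modification.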
-2

I used AdoptOpenJDK but it gave me the same results. It was run in a Windows 10 cmd with administrative privileges.

C:\Windows\system32>"C:\Program Files\AdoptOpenJDK\jdk-11.0.3.7-hotspot\bin\keytool"  -keystore  "C:\Program Files\AdoptOpenJDK\jdk-11.0.3.7-hotspot\lib\security\cacerts"  -importcert -alias sds -file C:\Users\SDS\SDS.crt
경고: -cacerts 옵션을 사용하여 cacerts 키 저장소에 액세스하십시오.
키 저장소 비밀번호 입력:
keytool 오류: java.io.IOException: Keystore was tampered with, or password was incorrect

I executed the following command and it says the key storage file exists (in Korean language).

C:\Program Files\AdoptOpenJDK\jdk-11.0.3.7-hotspot\bin>.\keytool -list -keystore "C:\Program Files\AdoptOpenJDK\jdk-11.0.3.7-hotspot\lib\security\cacerts" -storepass changeit
경고: -cacerts 옵션을 사용하여 cacerts 키 저장소에 액세스하십시오.
키 저장소 유형: JKS
키 저장소 제공자: SUN

키 저장소에 93개의 항목이 포함되어 있습니다.

verisignclass2g2ca [jdk], 2018. 6. 13., trustedCertEntry,
인증서 지문(SHA-256): 3A:43:E2:20:FE:7F:3E:A9:65:3D:1E:21:74:2E:AC:2B:75:C2:0F:D8:98:03:05:BC:50:2C:AF:8C:2D:9B:41:A1
digicertassuredidg3 [jdk], 2017. 12. 1., trustedCertEntry,
인증서 지문(SHA-256): 7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2
verisignuniversalrootca [jdk], 2017. 12. 1., trustedCertEntry,
인증서 지문(SHA-256): 23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C
Riverside answered 4/7, 2019 at 1:47 Comment(1)
I don't think this is an answer to your question, is it? If not and it is additional information to your question, please edit your question and include this information rather than posting it as an answer. If you do so, please delete this answer. - Pickel
