When your keystore is compromised, you must change the password of it… Also when you are using/testing IDM products that are shipped with default keystores, It is always better to use them by changing the default passwords. Passwords of JKS files can be easily changed by using java keytool command as following…
Use following keytool command to change the key store password
>keytool -storepasswd -new [new password ] -keystore [path to key store]
As an example, if you are changing password of wso2carbon.jks file whch is shipped with WSO2 Carbon products
asela@localhost:~/is/wso2is-5.0.0/repository/resources/security$ keytool -storepasswd -new newWso2carbon -keystore wso2carbon.jks Enter keystore password: asela@localhost:~/is/wso2is-5.0.0/repository/resources/security$
Use following keytool command to change private key password
>keytool -keypasswd -alias [Alias name for private key] -keystore [path to key store]
Then it would promote for key store password, private key password and new private key passwords.
As an example,
asela@localhost:~/is/wso2is-5.0.0/repository/resources/security$ keytool -keypasswd -alias wso2carbon -keystore wso2carbon.jks Enter keystore password: Enter key password for <wso2carbon> New key password for <wso2carbon>: Re-enter new key password for <wso2carbon>: asela@localhost:~/is/wso2is-5.0.0/repository/resources/security$
If you are not aware of the alias of private key, you can find it by listing the keystore details. You can look for PrivateKeyEntry
asela@localhost:~/is/wso2is-5.0.0/repository/resources/security$ keytool -list -keystore wso2carbon.jks Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 37 entries wso2carbon.cert, Feb 26, 2010, trustedCertEntry, Certificate fingerprint (SHA1): 34:2F:8E:60:4F:95:2C:74:10:0A:62:4B:DC:35:51:91:4C:B1:AE:BD wso2carbon, May 26, 2014, PrivateKeyEntry, Certificate fingerprint (SHA1): 6B:F8:E1:36:EB:36:D4:A5:6E:A0:5C:7A:E4:B9:A4:5B:63:BF:97:5D