How to Change JKS KeyStore Private Key Password

When your keystore is compromised,  you must change the password of it…  Also when you are using/testing IDM products that are shipped with default keystores,  It is always better to use them by changing the default passwords.  Passwords of JKS files can be easily changed by using java keytool command as  following…

Use following keytool command to change the key store password

>keytool  -storepasswd  -new [new password ]  -keystore  [path to key store]

As an example, if you are changing password of wso2carbon.jks file whch is shipped with WSO2 Carbon products

asela@localhost:~/is/wso2is-5.0.0/repository/resources/security$ keytool -storepasswd -new newWso2carbon -keystore wso2carbon.jks
Enter keystore password: 

Use following keytool command to change private key password

 >keytool -keypasswd  -alias [Alias name for private key]  -keystore [path to key store]

Then it would promote for key store password,  private key password and new private key passwords.

As an example,

asela@localhost:~/is/wso2is-5.0.0/repository/resources/security$ keytool -keypasswd -alias wso2carbon -keystore wso2carbon.jks 
Enter keystore password: 
Enter key password for <wso2carbon>
New key password for <wso2carbon>: 
Re-enter new key password for <wso2carbon>: 

If you are not aware of the alias of private key, you can find it by listing the keystore details.    You can look for PrivateKeyEntry

asela@localhost:~/is/wso2is-5.0.0/repository/resources/security$ keytool -list -keystore wso2carbon.jks 
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 37 entries
wso2carbon.cert, Feb 26, 2010, trustedCertEntry, 
Certificate fingerprint (SHA1): 34:2F:8E:60:4F:95:2C:74:10:0A:62:4B:DC:35:51:91:4C:B1:AE:BD
wso2carbon, May 26, 2014, PrivateKeyEntry, 
Certificate fingerprint (SHA1): 6B:F8:E1:36:EB:36:D4:A5:6E:A0:5C:7A:E4:B9:A4:5B:63:BF:97:5D