The default keystore password is simply “changeit” (no quotes).
Sometimes importing the key is the solution. If you do that, there are gotchas. Some key ones are:
- you need to point to the lib\cacerts as found in the JVM folder that CF is pointing to, in the java.home of the jvm.config—it may not be CF’s default jvm, so importing the cert there will do no good.
- you need to run the keytool at a command line that is running as admin (on Windows)
Then again, perhaps you don’t need to import a cert. Perhaps instead you need to update your JVM. Many have found that such SSL/TLS issues are fixed by updating that JVM that CF points to, to Java 8. CF8 runs on Java 1.6 and was never certified even for 7. And CF9 was never certified for 8. But some CF9 users have pointed it to Java 8 and solved such problems.
Updating the JVM CF uses is, on the surface, very easy. A 5-minute job if you know what you’re doing. If you don’t, it can leave you thinking CF is hosed with no choice but to reinstall. That is usually not necessarily. I discuss more in this post:
http://www.carehart.org/blog/client/index.cfm/2014/12/11/help_I_updated_CFs_JVM_and_it_wont_start
Finally, as for why this may be needed for some sites and not others you connect to, it’s often due to the web server of the destination site having changed what SSL/TLS encryption algorithms it will support. Perhaps the sites having trouble have implemented some tighter requirement than those that are working for you.
Let us know if you fix things or learn more.
/charlie
/Charlie (troubleshooter, carehart.org)
17
Replies
AdChoices