#281 – Keystores Galore

This week on the podcast, Kyle digs into the different Integration Broker processes and how messages are processed and Dan discusses some changes to simplify SSL management in PeopleTools.

Show Notes

Resetting a Lost pskey Password

Recently, I had to install a new certificate on a web server, but was unable to open the keystore where the private key was generated. At some point, the password for the pskey file has been changed (or not documented when set) so I was unable to open the file. I didn’t want to loose the private key, so I had to find a way to get into the keystore.

JKS files

The pskey file is just a JKS (Java KeyStore) file and has a well documented format. There isn’t a built-in way to reset the password using pskeymanager or keytool (without knowing the existing one), but we can rewrite the JKS file and add in a new password. This gist has two classes that you can compile to rewrite your pskey file.

This does not change the passwords on your private keys inside the keystore, just the password that opens the keystore itself.

Compile and Run

You will need to download the two classes and compile them. Save the files as:

  • ChangePassword.java
  • JKS.java

Make sure you have a JDK installed on your machine; you need to have the javac compiler. Compile the two classes with this command:

javac ChangePassword.java

After it compiles, you will have to new .class files. Copy your pskey from the web server to the folder where you compiled the two classes. Finally, let’s rewrite our pskey file with a new password:

java ChangePassword pskey pskey-new

You will be prompted to enter a new password. Now you have a new keystore file. The contents are the same, but the keystore password is reset. You can copy the pskey-new file to your web server and rename it back to pskey. If the password is new, you will need to update the Keystore tab in the WebLogic console, and update your integrationGateway.properties file.

This should be a last resort, but if you find yourself unable to open pskey you can always give this a try. Make to sure back up your pskey file before you try anything. You don’t want to try this and end up losing the keystore completely!