Oracle WebLogic Server - How to Change Password of Java Keystores

Follow the steps outlined below to change the password of Java keystores in your production environment:

1. Set the environment by running setDomainEnv.cmd (located in WLS_HOME\user_projects\domains\\bin).

2. Go to the cacerts path (JAVA_HOME\lib\security\cacerts).

3. Run the following command:

keytool -list -v -keystore cacerts

It will prompt for the keystore password; enter it ("changeit" is the default cacerts password).

4. Take a backup of the cacerts file.

5. Run the following command:

keytool -storepasswd -keystore cacerts

6. Confirm the password change by running the following command and entering the new password:

keytool -list -v -keystore cacerts

7. In the console, you can now apply the new password as the Java keystore passphrase.

8. Use the command below to change the password of a custom keystore:

keytool -storepasswd -new new_storepass -keystore [your_custom_keystore.jks]

Here is a sample for cacerts:


$ORACLE_HOME\user_projects\domains\base_domain>cd $JDK_HOME\jdk160_18\jre\lib\security
$JDK_HOME\jdk160_18\jre\lib\security>keytool -list -v -keystore cacerts
Enter keystore password:changeit
$JDK_HOME\jdk160_18\jre\lib\security>keytool -storepasswd -keystore cacerts

Enter keystore password:
New keystore password:
Re-enter new keystore password:
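
The steps above, combined into one PowerShell script with a verified backup and a check that the default password no longer opens the keystore. This is an added example, not part of the original procedure; it assumes keytool is on PATH (for example after running setDomainEnv.cmd), and the script name and the -Keystore parameter are hypothetical.

```powershell
# Rotate-KeystorePassword.ps1 (hypothetical name; added example)
# Assumption: keytool is on PATH. Passwords are typed at keytool's own
# prompts, so they never appear on a command line or in shell history.
param(
    [Parameter(Mandatory = $true)]
    [string]$Keystore    # path to cacerts or to a custom .jks file
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $Keystore -PathType Leaf)) {
    throw "Keystore not found: $Keystore"
}

# Step 4: timestamped backup, checked byte-for-byte via SHA-256.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = "$Keystore.$stamp.bak"
Copy-Item -LiteralPath $Keystore -Destination $backup
$srcHash = (Get-FileHash -LiteralPath $Keystore -Algorithm SHA256).Hash
$bakHash = (Get-FileHash -LiteralPath $backup   -Algorithm SHA256).Hash
if ($srcHash -ne $bakHash) {
    throw "Backup does not match the original: $backup"
}
Write-Host "Backup written and verified: $backup"

# Step 5: keytool prompts for the current password, then the new one twice.
& keytool -storepasswd -keystore $Keystore
if ($LASTEXITCODE -ne 0) {
    throw "keytool -storepasswd failed; the backup is at $backup"
}

# Step 6: confirm the change. keytool prompts for the new password;
# the listing itself is discarded, only the exit code matters here.
& keytool -list -keystore $Keystore | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Keystore could not be opened with the new password"
}

# Extra check: the well-known default must now be rejected. "changeit" is
# public knowledge, so passing it as an argument discloses nothing.
& keytool -list -keystore $Keystore -storepass changeit | Out-Null
if ($LASTEXITCODE -eq 0) {
    throw "Keystore still opens with the default password 'changeit'"
}
Write-Host "Password changed; default password is rejected."
```

The backup is still protected only by the old password, so store it with restricted file permissions and delete it once the new passphrase is confirmed to work in the console.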