Question for How to get PODM client.jks keystore password by keytool

[housemic]

Dear Intel
when I use keytool and /var/lib/pod-manager/client.jks to list valid date or generate client certificate ,
it prompt - Enter keystore password:
How to get PODM client.jks keystore password ?
thank you.
House

---

cd /var/lib/pod-manager/
user@podm1:/var/lib/pod-manager$
user@podm1:/var/lib/pod-manager$ keytool -v -list -keystore client.jks
Enter keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at sun.security.tools.keytool.Main.doCommands(Main.java:933)
at sun.security.tools.keytool.Main.run(Main.java:366)
at sun.security.tools.keytool.Main.main(Main.java:359)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
... 7 more

---

cd /var/lib/pod-manager/

sudo keytool -importkeystore -srckeystore client.jks -destkeystore client.p12 -deststoretype pkcs12
Importing keystore client.jks to client.p12...
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

[tbykowsk]

Hi @housemic,

1. Passwords are stored in keystore called vault.jks which is located at /var/lib/pod-manager/vault. There is also vault.json which is vault configuration file - PLEASE DO NOT CHANGE IT - unless you change the vault keystore. More about vault can be found in PODM User Guide in Security section.

2. To retrieve password to client.jks you may use script called vault-decrypter.
   a) To retrieve keystore password:
   java -jar /usr/lib/pod-manager/vault-decrypter.jar --password-type keystore
   b) To retrieve key password:
   java -jar /usr/lib/pod-manager/vault-decrypter.jar --password-type key

[housemic]

Dear tbykowsk
the issue can be closed, thanks
House
commands are workable