JDK-8275306 : Remove the changeit password from keytool.html
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P4
  • Status: New
  • Resolution: Unresolved
  • Submitted: 2021-10-14
  • Updated: 2021-10-15
Description
https://docs.oracle.com/en/java/javase/17/docs/specs/man/keytool.html has

```
The cacerts file represents a system-wide keystore with CA certificates. System administrators can configure and manage that file with the keytool command by specifying jks as the keystore type. The cacerts keystore file ships with a default set of root CA certificates. For Linux, OS X, and Windows, you can list the default certificates with the following command:

keytool -list -cacerts

The initial password of the cacerts keystore file is changeit. System administrators should change that password and the default access permission of that file upon installing the SDK.
```

This needs to be updated.
Comments
Suggested edit: ``` The cacerts file represents a system-wide keystore with CA certificates. System administrators can configure and manage that file with the keytool command. The cacerts keystore file ships with a default set of root CA certificates. For Linux, OS X, and Windows, you can list the default certificates with the following command: keytool -list -cacerts The cacerts keystore file is released as a password-less PKCS12 file. System administrators should change the default access permission of that file upon installing the SDK. ``` In fact, I doubt how much value there is about "change the default access permission". The whole JDK should not be modified.
14-10-2021