SSL Keystore Certificate Password

weenux28 · 03-05-2013, 05:06 PM

Hi all,

I'm new here and I'm not sure if this is the right place to post this question. I am having a problem with my generated pkcs12 file using keytool.

I run this command:
keytool -importkeystore -srckeystore client.jks -srcstorepass password -srcalias clientkey -destkeystore client.p12 -deststoretype PKCS12 -deststorepass password -destalias clientkey -noprompt

The file client.p12 is created and browser loads it and will ask for the password then the website will load normally. The problem is in google-chrome or any other browser can change the file's password by using "Export" certificate in settings-advance-manage certificates section of the browser. Then they can load it to other pc's browser using the password they set when exporting it.

Is there a way to prevent this? Thanks in advance

acid_kewpie · 03-06-2013, 09:52 AM

no, there's not. If you know a keystores password, you can open that keystore and extract the contents. Why is this a problem?

weenux28 · 03-06-2013, 11:00 AM

Ok got it. We just don't want our users change the password of the ssl certificate file and use it to a different pc, since we will not give them the password for that certificate, if they will be able to change it once it is on their browser, they can extract it and use it as they please once the password has been changed. Maybe as an administrator we'll just restrict some computer permissions. Thanks.