NetWorker: keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect'

Summary: The NetWorker Runtime Environment (NRE) keytool command returns the following error when attempting to access the NRE cacerts file "keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect." ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

The NetWorker Runtime Environment (NRE) includes a keytool utility used to manage multiple keystore and truststore files.
The keytool command returns the following error when used to manage the NRE cacerts file:

# /opt/nre/java/latest/bin/keytool -list -keystore /opt/nre/java/latest/lib/security/cacerts -storepass 'password'
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

Cause

This issue can be caused by using the incorrect keystore password when attempting to run the keytool command. For example, the NetWorker authentication server (AUTHC) keystore password was used with the keytool command instead of the default NRE cacerts

Resolution

The Java keystore password is not the same AUTHC keystore password that was set when installing NetWorker, but is instead the JAVA keystore password. The default password is changeit.

Linux Example: 
[root@nsr ~]# /opt/nre/java/latest/bin/keytool -list -keystore /opt/nre/java/latest/lib/security/cacerts -storepass changeit | grep emcauthctomcat
emcauthctomcat, Aug 19, 2025, trustedCertEntry,

Windows Example:

C:\Program Files\NRE\java\jre1.8.0_411\bin>keytool.exe -list -keystore ..\lib\security\cacerts -storepass changeit | findstr emcauthctomcat
emcauthctomcat, Sep 5, 2025, trustedCertEntry,
NOTE: Since the output of this command may be long, the above example uses Operating system commands, grep (Linux) and findstr (Windows) to filter for the local NetWorker AUTHC tomcat certificate. On Windows hosts, the Java bin directory path differs depending on the NRE version installed.

Additional Information

NOTE: The keytool command is used to manage the CA certificates imported into NRE. This is required when integrating Secure Lightweight Directory Access Protocol (LDAPS) authentication with NetWorker: NetWorker: How To configure LDAPS Authentication

If the NetWorker Runtime Environment (NRE) is installed, the Java Runtime Environment (JRE) folder is located:

  • Linux: /opt/nre/java/latest
  • Windows: C:\Program Files\NRE\java\jre#.#.#_#


Oracle Java Runtime Environment (JRE) can be found:

  • Linux:  /usr/java/latest 
  • Windows: C:\Program Files\Java (You must select the latest version folder)

Affected Products

NetWorker

Products

NetWorker Family
Article Properties
Article Number: 000038944
Article Type: Solution
Last Modified: 11 Sept 2025
Version:  5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.