NetWorker: keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect'

The NetWorker Runtime Environment (NRE) includes a keytool utility used to manage multiple keystore and truststore files.
The keytool command returns the following error when used to manage the NRE cacerts file:

# /opt/nre/java/latest/bin/keytool -list -keystore /opt/nre/java/latest/lib/security/cacerts -storepass 'password'
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

This issue can be caused by using the incorrect keystore password when attempting to run the keytool command. For example, the NetWorker authentication server (AUTHC) keystore password was used with the keytool command instead of the default NRE cacerts

The Java keystore password is not the same AUTHC keystore password that was set when installing NetWorker, but is instead the JAVA keystore password. The default password is changeit.

[root@nsr ~]# /opt/nre/java/latest/bin/keytool -list -keystore /opt/nre/java/latest/lib/security/cacerts -storepass changeit | grep emcauthctomcat
emcauthctomcat, Aug 19, 2025, trustedCertEntry,

C:\Program Files\NRE\java\jre1.8.0_411\bin>keytool.exe -list -keystore ..\lib\security\cacerts -storepass changeit | findstr emcauthctomcat
emcauthctomcat, Sep 5, 2025, trustedCertEntry,

If the NetWorker Runtime Environment (NRE) is installed, the Java Runtime Environment (JRE) folder is located:

• Linux: /opt/nre/java/latest
• Windows: C:\Program Files\NRE\java\jre#.#.#_#

Oracle Java Runtime Environment (JRE) can be found:

• Linux:  /usr/java/latest 
• Windows: C:\Program Files\Java (You must select the latest version folder)