applet signing - lost keystore password

Question

I have a question regarding the steps I should follow to use an old keystore (for which I've lost the password).

Is there any way to use the certificate I received from Verisign if I can't import that certificate into the original keystore (because I don't remember the password)?

--

The steps that led me here were:

1. I ran:

   keytool -genkey -keyalg rsa -keystore jarkeys -alias thekey -keysize 2048
   

2. Keytool requested the password, I entered at that time a password.

3. I filled in the organizational info, then I got the CSR and sent to Verisign.
4. Now I received the certificate, but I don't know how to use it since I can't add it to the Keystore.

Answer 1

Importing the certificate issued by Verisign back into the keystore is pointless. What you need is access to the private key, generated during the -genkey process.

One of the main purposes of the key password is to protect access to the private key, by encrypting the private (or secret) keys with it. You shouldn't be able to get the private key back without this password.

What you may be able to do is to re-generate a new CSR and ask Verisign to re-issue a certificate. Some CAs do this for free during the certificate validity period.