Never used the Keytool but I have deleted the Default keyring and recreated on a local PC to fix the corrupted .sth file.
You will have to re-import all of your local CA for all of your iSeries. But you have only one and it is expired, no difference.
Director of Information Services
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Peter Connell
Sent: Monday, January 27, 2014 3:08 PM
Subject: keytool on DEFAULT.KDB
I have a problem in that I can't change the password for the local CA on a test machine where the CA cert expired 5 ago.
It may be that the store was somehow created without a password. I'm not sure how to get around this.
Anyway I've tried to use keytool to show that I can list the CA store on another machine that's OK but that throws an error.
keytool -list -keystore /QIBM/USERDATA/ICSS/CERT/CERTAUTH/DEFAULT.KDB -storetype PKCS12
After being challenged for the password I get
keytool error: java.io.IOException: PFX parsing error, not a SEQUENCE.
Anybody ever listed the store using keytool?