Since a quick review of this mailing list does not mention this, let me be the first. The Apple Java 1.5 update 6 and Java 1.6 update 1 that occurred in early December changed the password on the java.home/lib/security/cacerts file. This broke an application of mine with a "keystore has been tampered with or incorrect password" error. Since we have our own keystore and truststore and I didn't even know about the system default cacerts, it took me a while to figure this out.
The class org.apache.ws.security.components.crypto.AbstractCrypto (line 135) is trying to load cacerts from that file and using the default password "changeit" if it hasn't been set by the "org.apache.ws.security.crypto.merlin.cacerts.password" property. I'm using CXF version 2.2.3.

This change is not mentioned in the Apple Java update release notes because it did not seem important enough. To quote an Apple Java engineer from the Apple developers list: "I don't believe any of us realized that digging around in the cacerts file was such a common practice". They may change it back if they get enough complaints.

Anyway, maybe this will save someone some hours when your Mac application breaks after a Java update. BTW, my solution was to use keytool to change the password back:

sudo keytool -storepasswd -new changeit -keystore /System/Library/Frameworks/JavaVM.framework/Resources/Deploy.bundle/Contents/Home/lib/security/cacerts -storepass changeme

Mary Thompson
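As an added example (not part of the original post, and not WSS4J or CXF code), this Java program checks which store password a cacerts-style JKS file accepts, so the failure described above can be confirmed without modifying the file. With no argument it builds a constructed, empty sample keystore protected with "changeme"; the class name and the sample file are assumptions, and it needs Java 7 or later.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

// Hypothetical diagnostic class; the name is not from the post.
public class CacertsPasswordCheck {

    // True if the store's integrity check passes with this password.
    static boolean opensWith(File store, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(store)) {
            ks.load(in, password);
            return true;
        } catch (IOException e) {
            // A wrong password surfaces as an IOException whose cause is
            // UnrecoverableKeyException; anything else (missing file,
            // unreadable file, corrupt data) is a different problem.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                return false;
            }
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        File store;
        if (args.length > 0) {
            store = new File(args[0]); // path to a real cacerts file
        } else {
            // Constructed sample: an empty JKS store saved with "changeme".
            store = File.createTempFile("cacerts-sample", ".jks");
            store.deleteOnExit();
            KeyStore sample = KeyStore.getInstance("JKS");
            sample.load(null, null);
            try (OutputStream out = new FileOutputStream(store)) {
                sample.store(out, "changeme".toCharArray());
            }
        }
        // The two passwords mentioned in the post.
        for (String candidate : new String[] {"changeit", "changeme"}) {
            boolean ok = opensWith(store, candidate.toCharArray());
            System.out.println(store + " with \"" + candidate + "\": "
                    + (ok ? "opens" : "rejected"));
        }
    }
}
```

Whichever password is reported as "opens" is the value the property named in the post would need to carry if the store password is left as the update set it.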
