android certificate eclipse

“Debug certificate expired” error in Eclipse Android plugins


I am using Eclipse Android plugins to build a project, but I am
getting this error in the console window:

[2010-02-03 10:31:14 - androidVNC]Error generating final archive:
Debug certificate expired on 1/30/10 2:35 PM!

How do I fix it?


  • 8

    Can someone tell why does this happen?

    – Matical

    Jun 19, 2013 at 17:36

  • 2

    Does your system date changed, cause its of 25 year valid certificate(as recommended while signing application). its not event more than 5 year old specifically

    Jul 25, 2013 at 3:58

  • You need to create new keystore

    – codezoner

    May 19, 2015 at 3:57



Delete your debug certificate under ~/.android/debug.keystore on Linux and Mac OS X; the directory is something like %USERPROFILE%/.androidon Windows.

The Eclipse plugin should then generate a new certificate when you next try to build a debug package. You may need to clean and then build to generate the certificate.


  • 13

    On Windows I had to delete the debug.keystore and make some changes to get a new compile going. I created a new test project, and the new debug.keystore was generated.

    – Tomas

    Jun 8, 2010 at 13:37

  • 117

    It will also be re-generated for the current project if you ‘clean’ the project (go to Project -> Clean…)

    – adamnfish

    Jul 24, 2010 at 17:50

  • 11

    There is now a bug tracker issue requesting this to be fixed. Please vote for it.

    Mar 9, 2011 at 19:52

  • 61

    Clean did not fix the problem for me, I needed to rm ~/.android/debug.keystore by hand.

    May 2, 2011 at 18:26

  • 3

    @James Deleting the keystore by hand is the first part of the answer above. Cleaning the project (or rebuilding) is what you need to do to generate a new keystore.

    May 3, 2011 at 22:11


Upon installation, the Android SDK generates a debug signing certificate for you in a keystore called debug.keystore. The Eclipse plug-in uses this certificate to sign each application build that is generated.

Unfortunately a debug certificate is only valid for 365 days. To generate a new one you must delete the existing debug.keystore file. Its location is platform dependent – you can find it in Preferences – Android – Build – Default debug keystore.


  • 23

    A change to make the default 30 years was accepted on 6 Apr 2011:,22128

    May 2, 2011 at 18:55

  • If you delete your debug.keystore, how would you update your application?

    Jul 21, 2011 at 8:39

  • 6

    @user739375, the debug.keystore is only used for debugging, a separate certificate is used for “production”.

    Jan 1, 2012 at 1:43

  • @JamesMoore I really astonished that how old the certificate was

    Jul 25, 2013 at 4:02


It’s a pain to have to delete all your development .apk files, because the new certificate doesn’t match so you can’t upgrade them in all your AVDs. You have to get another development MAP-API key as well. There’s another solution.

You can create your own debug certificate in debug.keystore with whatever expiration you want. Do this in the .android folder under your HOME directory:

keytool -genkey -v -keystore debug.keystore -alias androiddebugkey -storepass android -keypass android -keyalg RSA -validity 14000

keytool.exe can be found in the JDK bin folder (e.g. C:\Program Files\Java\jdk1.6.0_31\bin\ on Windows).

ADT sets the first and last name on the certificate as “Android Debug”, the organizational unit as “Android” and the two-letter country code as “US”. You can leave the organization, city, and state values as “Unknown”. This example uses a validity of 14000 days. You can use whatever value you like.


  • 3

    I like this because it provides a more long-term fix until the SDK provides a better way to handle the expiring cert.

    Apr 5, 2011 at 16:36

  • 24

    I like this because I don’t need to use eclipse at all.

    – MattK

    Jun 30, 2011 at 1:50

  • I’m assuming that this is to be typed under the command line. If so, I get a “keytool is not recognized” error. Can you further explain this method?

    – Ted Betz

    Nov 18, 2011 at 19:17

  • 1

    keytool can be found in your JDK’s bin directory (any OS). I usually add this bin directory to my PATH so the above would work from anywhere. You could either find your JDK bin directory and add it to your PATH, or you could put the full pathname to keytool on the command line.

    Nov 26, 2011 at 20:55

  • 1

    As other commenters have pointed out, Google seems to have extended the default duration of the debug certificate so deleting the debug.keystore file and doing clean/build is much easier.

    Nov 26, 2011 at 21:06