Changing passwords for the encryption KeyStore

You can change passwords for the encryption KeyStore.

About this task

The encryption.keystore password must be identical to the certificate password.

Procedure

  1. Stop the server.
  2. Open a command line window, and go to the app_data/conf directory.
  3. To view the alias of the secret key, run the following command:
    keytool -keystore encryption.keystore -list -storetype pkcs12 -storepass changeit
    Make a note of the alias of secret key, it is required in step 6. The keytool application is included in the Java developer kit and is not part of HCL DevOps Deploy (Deploy).
  4. Back up the encryption.keystore file.
  5. Change the encryption KeyStore password by using the following command:
    keytool -storepasswd -new newPassword -keystore encryption.keystore -storetype pkcs12 -storepass changeit
    The default password is changeit. Replace newPassword with your password of choice. The keytool application is included in the Java developer kit and is not part of Deploy.
  6. Change the secret key password by using the following command:
     keytool -keypasswd -alias XXX -keypass changeit -new newpassword -keystore encryption.keystore -storetype pkcs12 -storepass newpassword
    where alias is the one that you noted in step 3, and the encryption KeyStore password and the secret key password must be the same.
  7. In a text editor, open the server-install\conf\server\secured-installed.properties file. Specify the new encryption.keystore password in the following line of code:
     encryption.keystore.password=newPassword
    Note: The password that you specify here must be the same as the password for the encryption KeyStore password that you specified in step 5 and the secret key password that you specified in step 6.
  8. Start the server.

Results

Starting the server automatically encrypts the encryption.keystore password that you specified in the installed.properties file.