Enabling product encryption after upgrading

Enabling product encryption after upgrading from a version earlier than 10.1.

About this task

If you are upgrading from a version earlier than version 10.1, you can optionally enable encryption for key product files by performing the following steps on the master domain manager and on each agent in the environment:

Procedure

  1. Generate a new key by running the following keytool command:
    ./keytool -genseckey -alias new_alias_name -keyalg AES -keysize 256 \
        -storepass encrypt_keystore_pwd_in_clear -storetype PKCS12 -keystore encrypt_keystore_file

    For high-level information about keytool parameters, see Command Reference.

  2. Create the stash file containing a password encoded in base64. You can store the file in a path of your choice.
  3. Add the following keys in the localopts file:

    encrypt keystore file
        The path to the keystore PKCS12 file, containing the AES-256 or AES-128 key.
    encrypt keystore pwd
        The path to the keystore stash file.
    encrypt label
        The label you assign to the new key in the keystore. This property is case insensitive.

    Consider the following example of the modifications to the localopts file:

        encrypt keystore file ="/opt/wa/TWA/TWS/ssl/key.p12"
        encrypt keystore pwd ="/opt/wa/TWA/TWS/ssl/key.sth"
        encrypt label ="myalias"

    where

    encrypt keystore file
        corresponds to the -keystore encrypt_keystore_file parameter in the command provided in step 1.
    encrypt keystore pwd
        corresponds to the path of the stash file created in step 2.
    encrypt label
        corresponds to the -alias new_alias_name parameter in the command provided in step 1.
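
One way to carry out step 2, as an added example that is not part of the product documentation. It assumes the stash file holds only the base64 text of the keystore password; the function names write_stash and verify_stash are hypothetical.

```shell
#!/bin/sh
# Added example for step 2. Base64 is an encoding, not encryption, so the
# stash file is protected only by its file permissions.
# Assumption: the stash holds just the base64 text of the keystore password.

# write_stash STASH_PATH
# Reads the clear-text password from stdin rather than from an argument.
write_stash() {
    stash_path=$1
    pwd_clear=$(cat)    # command substitution drops the trailing newline
    [ -n "$pwd_clear" ] || { echo "empty password" >&2; return 1; }
    # The subshell keeps umask 077 local; the file is created owner-only.
    # tr removes the line wrapping some base64 builds add to long values.
    ( umask 077
      printf '%s' "$pwd_clear" | base64 | tr -d '\n' > "$stash_path" ) || return 1
    chmod 600 "$stash_path"    # tighten a pre-existing file as well
    unset pwd_clear
}

# verify_stash STASH_PATH
# Succeeds only if the file is accessible by its owner alone and is valid base64.
verify_stash() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        -r[w-]-------) ;;
        *) echo "stash file mode too permissive: $mode" >&2; return 1 ;;
    esac
    base64 -d < "$1" > /dev/null 2>&1 || { echo "not valid base64" >&2; return 1; }
}

# Usage (stash path taken from the localopts example on this page):
#   stty -echo; IFS= read -r p; stty echo
#   printf '%s\n' "$p" | write_stash /opt/wa/TWA/TWS/ssl/key.sth
#   verify_stash /opt/wa/TWA/TWS/ssl/key.sth
```

The encoded value must match the password given to -storepass in step 1; encoding it with a trailing newline (for example through echo) produces a different value.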

Results

The current Symphony plan keeps using the previous key. To apply the new setting to the Symphony plan, restart WebSphere® Application Server Liberty and then run the JnextPlan command. The message boxes are encrypted immediately, and the useropts file is encrypted as soon as you save the localopts file and launch a CLI command. Key product files are now encrypted with the new key.