Enabling product encryption after upgrading
Enabling product encryption after upgrading from a version earlier than 10.1.
About this task
If you are upgrading from a version earlier than version 10.1, you can optionally enable encryption for key product files by performing the following steps on the master domain manager and on each agent in the environment:
Procedure
-
Generate a new key by running the following keytool
command:
./keytool -genseckey -alias new_alias_name -keyalg AES -keysize 256 -storepass encrypt_keystore_pwd_in_clear -storetype PKCS12 -keystore encrypt_keystore_file
For high-level information about keytool parameters, see Command Reference.
- Create the stash file containing a password encoded in base64. You can store the file in a path of your choice.
-
Add the following keys in the localopts file:
- encrypt keystore file
- The path to the keystore PKCS12 file, containing the AES-256 or AES-128 key.
- encrypt keystore pwd
- The path to the keystore stash file.
- encrypt label
- The label you assign to the new key in the keystore. This property is case insensitive.
whereencrypt keystore file ="/opt/wa/TWA/TWS/ssl/key.p12" encrypt keystore pwd ="/opt/wa/TWA/TWS/ssl/key.sth" encrypt label ="myalias"
- encrypt keystore file
- corresponds to the -keystore encrypt_keystore_file parameter in the command provided in step 1.
- encrypt keystore pwd
- corresponds to the path of the stash file created in step 2.
- encrypt label
- corresponds to the -alias new_alias_name parameter in the command provided in step 1.