Change Keystore Password
The default password for the keystore used by the Controller is changeit. This is the default password for the Jetty keystore, and is a well-known (and thus insecure) password. For a secure installation, you need to change it.
Changing keystore password should include setting the same passwords for all the keys as well.
By default, keystore.jks contains s1as and reporting-instance keys.
- Update the keystore password:
CODE
<JRE_HOME>/bin/keytool -storepasswd -keystore <controller_home>/appserver/jetty/etc/keystore.jks -storepass <current_password> -new <new_password> - Update the truststore password:
CODE
<JRE_HOME>/bin/keytool -storepasswd -keystore <controller_home>/appserver/jetty/etc/cacerts.jks -storepass <current_password> -new <new_password> - Update the password for keys:
CODE
<JRE_HOME>/bin/keytool -keypasswd -keystore <controller_home>/appserver/jetty/etc/keystore.jks -storepass <new_password> -alias s1as -keypass <current_password> -new <new_password> <JRE_HOME>/bin/keytool -keypasswd -keystore <controller_home>/appserver/jetty/etc/keystore.jks -storepass <new_password> -alias reporting-instance -keypass <current_password> -new <new_password> - Create obfuscated password for the keystore password <new_password>:
This command creates the obfuscated password. For example:CODE
<JRE_HOME>/bin/java -jar <controller_home>/tools/lib/scs-tool.jar obfuscate -plaintext <new_password>CODEExample obfuscated password: s_-001-12-H8v0OuZ2X/M=SOMM06ufKVOATetbV2BYxQ== - Update the obfuscated password in the Enterprise Console UI:
- Navigate to Configurations > Controller Settings > Appserver Configurations.
- In the JVM Options tab, update the following sections under SSL Context Config:
CODE
<Set name="KeyStorePassword"> <Call class="com.singularity.ee.util.security.credentialstore.ObfuscationWrapper" name="deobfuscateString"> <Arg>[Obfuscated Password]</Arg> </Call> </Set> <Set name="TrustStorePassword"> <Call class="com.singularity.ee.util.security.credentialstore.ObfuscationWrapper" name="deobfuscateString"> <Arg>[Obfuscated Password]</Arg> </Call> </Set> <Call class="java.lang.System" name="setProperty"> <Arg>javax.net.ssl.keyStorePassword</Arg> <Arg> <Call class="com.singularity.ee.util.security.credentialstore.ObfuscationWrapper" name="deobfuscateString"> <Arg>[Obfuscated Password]</Arg> </Call> </Arg> </Call> <Call class="java.lang.System" name="setProperty"> <Arg>javax.net.ssl.trustStorePassword</Arg> <Arg> <Call class="com.singularity.ee.util.security.credentialstore.ObfuscationWrapper" name="deobfuscateString"> <Arg>[Obfuscated Password]</Arg> </Call> </Arg> </Call> - Click Save.
- Update the new keystore password in Enterprise Console:
- Navigate to Configurations > Controller Settings > Appserver Configurations.
- In SSL Certificate Management, update the new Controller Keystore Password and confirm.
- Click Save.