Specifying a keystore password
This topic describes how to specify a keystore password on any of the server components. You can specify the password as plain text, or you can specify a text string that you encrypted in the Maintenance Tool.
Note
The key and the keystore passwords must match. Due to a limitation of the underlying Tomcat engine, the keypass used when storing a key must be the same as the keystore password itself.
To specify the keystore password as plain text on a server component
- Stop the BMC Atrium Orchestrator services.
- On the computer for the server component, use a text editor to open the <installationDirectory>/tomcat/conf/server.xml file.
Locate the
<connector>
element that contains the HTTPS protocol information, as shown in the following sample:<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
Append the following attribute to the
connector
element, and replace<password>
with the new password:keystorePass="<password>"
.
In the following example, myPassw0rd is the new keystore password:<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystorePass="myPassw0rd" />
- Save the server.xml file.
- Restart the BMC Atrium Orchestrator services.
For additional information about the Apache Tomcat Servlet/JSP Container SSL Configuration, see documentation available at http://tomcat.apache.org/.
To specify an encrypted keystore password on a server component
Note
You can perform this procedure if you have installed 7.6.02 SP2 or later.
- Start the Maintenance Tool, as described in Using the Maintenance Tool to encrypt a password.
- Stop the BMC Atrium Orchestrator services.
- On the computer for the server component, use a text editor to open the <installationDirectory>/tomcat/conf/server.xml file.
Locate the
<connector>
element that contains the HTTPS protocol information, as shown in the following sample:<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
Append the following property to the
connector
attribute:sslImplementationName="com.bmc.ao.catalina.connector.BAOSSLImplementation" keystorePass="<encrypted-password>"/>
- Using the Maintenance Tool, encrypt a password text string, as described in Using the Maintenance Tool to encrypt a password.
After copying the encrypted password from the Maintenance Tool, replace
<encrypted-password>
with the copied value, as in the following example:<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" sslImplementationName="com.bmc.ao.catalina.connector.BAOSSLImplementation" keystorePass="b84f2299ca25a8040b2d022b56716490"/>
- Save the server.xml file.
- Restart the BMC Atrium Orchestrator services.
Related topics
Using the Maintenance Tool to encrypt a password
Configuring BMC Atrium Orchestrator to use HTTPS
Specifying a trust store password
Comments