Specifying a keystore password
This topic describes how to specify a keystore password on any of the server components. You can specify the password as plain text, or you can specify a text string that you encrypted in the Maintenance Tool.
Note
The key and the keystore passwords must match. Due to a limitation of the underlying Tomcat engine, the keypass used when storing a key must be the same as the keystore password itself.
In the instructions on this page, AO_HOME represents the installation directory for BMC Atrium Orchestrator components.
Important
When using the keystore/truststore password encryption feature in BMC Atrium Orchestrator 7.8.02 and later, Grid Manager stops responding and an error message is displayed.
For more information about this issue and the workaround, see DRAUM-1339 in the Known and corrected issues list.
To specify the keystore password as plain text on a server component
- Stop the BMC Atrium Orchestrator services.
- On the computer for the server component, use a text editor to open the AO_HOME/tomcat/conf/server.xml file.
- Locate the <Connector> element that contains the HTTPS protocol information, as shown in the following sample:
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
- Append the following attribute to the <Connector> element, and replace <password> with the new password:
  keystorePass="<password>"
  In the following example, myPassw0rd is the new keystore password:
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystorePass="myPassw0rd" />
- Save the server.xml file.
- Restart the BMC Atrium Orchestrator services.
For additional information about the Apache Tomcat Servlet/JSP Container SSL Configuration, see documentation available at http://tomcat.apache.org/.
To specify an encrypted keystore password on a server component
Note
This procedure works with BMC Atrium Orchestrator versions 7.6.02 SP2 or later.
- Start the Maintenance Tool, as described in Using the Maintenance Tool to encrypt a password.
- Stop the BMC Atrium Orchestrator services.
- On the computer for the server component, use a text editor to open the AO_HOME/tomcat/conf/server.xml file.
- Locate the <Connector> element that contains the HTTPS protocol information, as shown in the following sample:
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
- Append the following attributes to the <Connector> element:
  sslImplementationName="com.bmc.ao.catalina.connector.BAOSSLImplementation" keystorePass="<encrypted-password>"
- Using the Maintenance Tool, encrypt a password text string, as described in Using the Maintenance Tool to encrypt a password.
- After copying the encrypted password from the Maintenance Tool, replace <encrypted-password> with the copied value, as in the following example:
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" sslImplementationName="com.bmc.ao.catalina.connector.BAOSSLImplementation" keystorePass="b84f2299ca25a8040b2d022b56716490"/>
- Save the server.xml file.
- Restart the BMC Atrium Orchestrator services.
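To confirm which of the two procedures above a given server.xml actually reflects, the following added example (not BMC code) classifies each SSL-enabled Connector as plaintext, encrypted, or not set, and flags a file readable beyond its owner. It assumes that a keystorePass paired with the BAOSSLImplementation class holds a Maintenance Tool value; the function names and the sample XML are constructed for illustration.

```python
import os
import stat
import sys
import xml.etree.ElementTree as ET

# Class name from the encrypted-password procedure on this page.
BAO_SSL_IMPL = "com.bmc.ao.catalina.connector.BAOSSLImplementation"

def audit_connectors(server_xml):
    """Return (port, status) for each SSL-enabled <Connector>; never echoes the password."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # not an HTTPS connector
        if conn.get("keystorePass") is None:
            status = "not-set"
        elif conn.get("sslImplementationName") == BAO_SSL_IMPL:
            status = "encrypted"  # assumption: value came from the Maintenance Tool
        else:
            status = "plaintext"
        findings.append((conn.get("port"), status))
    return findings

def readable_beyond_owner(path):
    """True if group or others can read the file (POSIX permission bits)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

# Constructed sample, modelled on the Connector examples above.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" SSLEnabled="true" scheme="https" keystorePass="myPassw0rd" />
  <Connector port="8444" SSLEnabled="true" scheme="https"
             sslImplementationName="com.bmc.ao.catalina.connector.BAOSSLImplementation"
             keystorePass="CONSTRUCTED-ENCRYPTED-VALUE" />
  <Connector port="8445" SSLEnabled="true" scheme="https" />
</Service></Server>"""

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to AO_HOME/tomcat/conf/server.xml
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
        if readable_beyond_owner(sys.argv[1]):
            print("warning: server.xml is readable by group or others")
    else:
        data = SAMPLE
    for port, status in audit_connectors(data):
        print(f"connector {port}: keystorePass {status}")
```

Run it with the path to server.xml as the only argument; with no argument it audits the constructed sample.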
Related topics
Using the Maintenance Tool to encrypt a password
Configuring BMC Atrium Orchestrator to use HTTPS
Specifying a trust store password