Specifying a keystore password

This topic describes how to specify a keystore password on any of the server components. You can specify the password as plain text, or you can specify a text string that you encrypted in the Maintenance Tool.

Note

The key and the keystore passwords must match. Due to a limitation of the underlying Tomcat engine, the keypass used when storing a key must be the same as the keystore password itself.

In the instructions on this page, AO_HOME represents the installation directory for TrueSight Orchestration components.

To specify the keystore password as plain text on a server component

  1. Stop the TrueSight Orchestration services.
  2. On the computer for the server component, use a text editor to open the AO_HOME/tomcat/conf/server.xml file.
  3. Locate the <Connector> element that contains the HTTPS protocol information, as shown in the following sample:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" />
  4. Append the following attribute to the connector element, and replace <password> with the new password: keystorePass="<password>".

    In the following example, myPassw0rd is the new keystore password:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" keystorePass="myPassw0rd" />
    
  5. Save the server.xml file.
  6. Restart the TrueSight Orchestration services.

    For additional information about the Apache Tomcat Servlet/JSP Container SSL Configuration, see the documentation available at http://tomcat.apache.org/.

To specify an encrypted keystore password on a server component

  1. Stop the TrueSight Orchestration services for all peers.
    See Starting and stopping product components and services.
  2. Navigate to the <installationDirectory>/MaintainBMCAO directory, and start the maintenance tool. 
    • Windows: PlatformMaintenanceTool.cmd
    • UNIX: PlatformMaintenanceTool.sh 
  3. On the computer for the server component, open the AO_HOME/tomcat/conf/server.xml file in a text editor.
  4. Locate the <Connector> element that contains the HTTPS protocol information, as shown in the following sample:

    <Connector SSLEnabled="true" URIEncoding="UTF-8"
    keystoreFile="C:\Program Files\BMC Software\BAO\REPO\tomcat\conf\.keystore"
    maxSwallowSize="-1"
    maxThreads="150" port="28080"
    relaxedQueryChars="\{}^ `|&quot;#&lt;&gt;[]"
    server="platform-web-server" useServerCipherSuitesOrder="true"
    protocol="com.bmc.ao.catalina.connector.BAOHttp11NioProtocol"
    keystorePass="<encrypted-password>">
    
  5. Add the following attributes to the Connector element:

               sslImplementationName="com.bmc.ao.catalina.connector.BAOSSLImplementation"
               keystorePass="<encrypted-password>"
  6. Using the Maintenance Tool, encrypt a password text string.

    1. On the TrueSight Orchestration Maintenance Tool window, click the Encrypt tab. 
    2. Type and confirm the password.
    3. Click Encrypt.
      The encrypted password is displayed in the Encrypted password text box.
    4. Copy the encrypted password.
  7. After copying the encrypted password from the Maintenance Tool, replace <encrypted-password> with the copied value, as in the following example:

    <Connector SSLEnabled="true" URIEncoding="UTF-8"
    keystoreFile="C:\Program Files\BMC Software\BAO\REPO\tomcat\conf\.keystore"
    maxSwallowSize="-1"
    maxThreads="150" port="28080"
    relaxedQueryChars="\{}^ `|&quot;#&lt;&gt;[]"
    server="platform-web-server" useServerCipherSuitesOrder="true"
    protocol="com.bmc.ao.catalina.connector.BAOHttp11NioProtocol"
    keystorePass="<encrypted-password>">
  8. To avoid any issues with the encrypted password, perform these steps:

    1. Set the value of the protocol attribute to com.bmc.ao.catalina.connector.BAOHttp11NioProtocol.

    2. Navigate to the AO_HOME/tomcat/webapps/servername/WEB-INF/lib directory, copy the security-common-<version>.jar file, navigate to the AO_HOME/tomcat/lib directory and paste the JAR file there.

  9. Save the server.xml file.
  10. Restart the TrueSight Orchestration services.
    Perform steps 1 to 10 on all servers.
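
A check you can run after editing server.xml, given here as an added example that is not part of the product documentation: it lists every SSL-enabled Connector whose keystorePass is missing, padded with whitespace, or not paired with the attributes from steps 5 and 8. The function name, the sample fragment, and the rule that a Connector without the BAO sslImplementationName holds a plain-text password are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

BAO_SSL_IMPL = "com.bmc.ao.catalina.connector.BAOSSLImplementation"
BAO_PROTOCOL = "com.bmc.ao.catalina.connector.BAOHttp11NioProtocol"

def audit_connectors(server_xml_text):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP connector, no keystore involved
        port = conn.get("port", "?")
        password = conn.get("keystorePass")
        if password is None:
            findings.append((port, "keystorePass not set"))
            continue
        if password != password.strip():
            findings.append((port, "keystorePass has surrounding whitespace"))
        if conn.get("sslImplementationName") != BAO_SSL_IMPL:
            # Assumption: without this attribute the value is read as plain text.
            findings.append((port, "keystorePass is read as plain text"))
        elif conn.get("protocol") != BAO_PROTOCOL:
            findings.append((port, "encrypted keystorePass without BAO protocol"))
    return findings

# Constructed server.xml fragment; ports and password values are sample data.
SAMPLE = f"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" keystorePass="myPassw0rd" />
  <Connector port="28080" SSLEnabled="true" protocol="{BAO_PROTOCOL}"
             sslImplementationName="{BAO_SSL_IMPL}"
             keystorePass=" ENCRYPTED-PLACEHOLDER" />
  <Connector port="28443" SSLEnabled="true" protocol="HTTP/1.1"
             sslImplementationName="{BAO_SSL_IMPL}"
             keystorePass="ENCRYPTED-PLACEHOLDER" />
</Service></Server>"""

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE):
        print(f"port {port}: {finding}")
```

To audit a real installation, pass the contents of AO_HOME/tomcat/conf/server.xml to audit_connectors on each server.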

Related topics

Using the Maintenance Tool to encrypt a password

Configuring TrueSight Orchestration to use HTTPS

Specifying a trust store password

Starting and stopping product components and services
