Specifying a keystore password

This topic describes how to specify a keystore password on any of the server components. You can specify the password as plain text, or you can specify a text string that you encrypted in the Maintenance Tool.

Note

The key and the keystore passwords must match. Due to a limitation of the underlying Tomcat engine, the keypass used when storing a key must be the same as the keystore password itself.

To specify the keystore password as plain text on a server component

  1. Stop the BMC Atrium Orchestrator services.
  2. On the computer for the server component, use a text editor to open the <installationDirectory>/tomcat/conf/server.xml file.

  3. Locate the <connector>element that contains the HTTPS protocol information, as shown in the following sample:

    Sample server.xml file with the Connector element
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" />

  4. Append the following attribute to the connector element, and replace <password> with the new password: keystorePass="<password>".

    In the following example, myPassw0rd is the new keystore password:
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" keystorePass="myPassw0rd" />
  5. Save the server.xml file.
  6. Restart the BMC Atrium Orchestrator services.
    For additional information about the Apache Tomcat Servlet/JSP Container SSL Configuration, see documentation available at http://tomcat.apache.org/.

To specify an encrypted keystore password on a server component

  1. Start the Maintenance Tool, as described in Using-the-Maintenance-Tool-to-encrypt-a-password.
  2. Stop the BMC Atrium Orchestrator services.
  3. On the computer for the server component, use a text editor to open the <installationDirectory>/tomcat/conf/server.xml file.
  4. Locate the <connector>element that contains the HTTPS protocol information, as shown in the following sample:
Click here to expand...
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

  1. Append the following property to the connectorattribute:

               SSLImplementation="com.bmc.ao.catalina.connector.BAOSSLImplementation"
               keystorePass="<encrypted-password>"/>
  2. Using the Maintenance Tool, encrypt a password text string, as described in Using-the-Maintenance-Tool-to-encrypt-a-password.
  3. After copying the encrypted password from the Maintenance Tool, replace <encrypted-password>with the copied value, as in the following example:
Click here to expand...
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           SSLImplementation="com.bmc.ao.catalina.connector.BAOSSLImplementation"
           keystorePass="b84f2299ca25a8040b2d022b56716490"/>
  1. Save the server.xml file.
  2. Restart the BMC Atrium Orchestrator services.

Related topics

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*