Specifying a keystore password


This topic describes how to specify a keystore password on any of the server components. You can specify the password as plain text, or you can specify a text string that you encrypted in the Maintenance Tool.

Note

The key and the keystore passwords must match. Due to a limitation of the underlying Tomcat engine, the keypass used when storing a key must be the same as the keystore password itself.

In the instructions on this page, AO_HOME represents the installation directory for TrueSight Orchestration components.

To specify the keystore password as plain text on a server component

  1. Stop the TrueSight Orchestration services.
  2. On the computer for the server component, use a text editor to open the AO_HOME/tomcat/conf/server.xml file.
  3. Locate the <Connector> element that contains the HTTPS protocol information, as shown in the following sample:

    <Connector port="8443" protocol="HTTP/1.1"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" />
  4. Append the following attribute to the Connector element, replacing <password> with the new password: keystorePass="<password>". Also replace the protocol value with the one shown in the following example.
    In the following example, myPassw0rd is the new keystore password:

    <Connector port="8443" protocol="com.bmc.ao.catalina.connector.BAOHttp11NioProtocol"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" keystorePass="myPassw0rd" />
  5. Save the server.xml file.
  6. Restart the TrueSight Orchestration services.

To specify an encrypted keystore password on a server component

  1. Stop the TrueSight Orchestration services for all peers.
    See Starting and stopping product components and services.
  2. Navigate to the <installationDirectory>/MaintainBMCAO directory, and start the maintenance tool. 
    • Windows: PlatformMaintenanceTool.cmd
    • UNIX: PlatformMaintenanceTool.sh 
  3. On the computer for the server component, open the AO_HOME/tomcat/conf/server.xml file in a text editor.
  4. Locate the <Connector> element that contains the HTTPS protocol information, as shown in the following sample:

    <Connector port="8443" protocol="HTTP/1.1"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" />
  5. Set the following attributes on the Connector element. An XML element can carry only one protocol attribute, so the protocol value shown here replaces the existing one:

               protocol="com.bmc.ao.catalina.connector.BAOHttp11NioProtocol"
               keystorePass="<encrypted-password>"
  6. Using the Maintenance Tool, encrypt a password text string.

    1. On the TrueSight Orchestration Maintenance Tool window, click the Encrypt tab. 
    2. Type and confirm the password.
    3. Click Encrypt.
      The encrypted password is displayed in the Encrypted password text box.
    4. Copy the encrypted password.
  7. After copying the encrypted password from the Maintenance Tool, replace <encrypted-password> with the copied value, as in the following example:

    <Connector port="8443" protocol="com.bmc.ao.catalina.connector.BAOHttp11NioProtocol"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false"
               keystorePass="b84f2299ca25a8040b2d022b56716490"/>
  8. To avoid any issues with the encrypted password, perform these steps:
    1. Change the value of the protocol attribute to org.apache.coyote.http11.Http11NioProtocol.
    2. Navigate to the AO_HOME/tomcat/webapps/servername/WEB-INF/lib directory, copy the security-common-<version>.jar file, navigate to the AO_HOME/tomcat/lib directory, and paste the JAR file there.
  9. Save the server.xml file.
  10. Restart the TrueSight Orchestration services.
    Perform steps 1 to 10 on all servers.
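
A check to run on server.xml after either procedure and before restarting the services (an added example, not BMC code): it confirms that the file is still well-formed XML, which fails when a Connector carries two protocol attributes, and reports whether keystorePass looks like plain text or like Maintenance Tool output. The function name, the sample XML, and the hex-shape heuristic are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: Maintenance Tool output is an even-length hex string of 32+
# characters, like the one example value on this page. A plain-text password
# that happens to have that shape would be misclassified.
HEX_RE = re.compile(r"^(?:[0-9a-fA-F]{2}){16,}$")

def audit_server_xml(xml_text):
    """Return findings for the HTTPS Connector(s); never echoes the password."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A repeated attribute (two protocol="..." values) fails here.
        return [f"not well-formed XML: {exc}"]
    connectors = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    if not connectors:
        return ['no Connector with scheme="https" found']
    findings = []
    for c in connectors:
        port = c.get("port", "?")
        password = c.get("keystorePass")
        if password is None:
            findings.append(f"port {port}: keystorePass not set")
        elif HEX_RE.match(password):
            findings.append(f"port {port}: keystorePass looks encrypted")
        else:
            findings.append(f"port {port}: keystorePass looks like plain text")
    return findings

# Constructed sample inputs (not taken from a real installation).
def wrap(attrs):
    return ('<Server><Service name="Catalina"><Connector port="8443" '
            'scheme="https" secure="true" clientAuth="false" '
            f'{attrs} /></Service></Server>')

BAO = 'protocol="com.bmc.ao.catalina.connector.BAOHttp11NioProtocol"'
DUPLICATE = wrap(f'protocol="HTTP/1.1" {BAO} keystorePass="myPassw0rd"')
PLAIN = wrap(f'{BAO} keystorePass="myPassw0rd"')
ENCRYPTED = wrap(f'{BAO} keystorePass="00112233445566778899aabbccddeeff"')
MISSING = wrap(BAO)

if __name__ == "__main__":
    for name, text in [("duplicate", DUPLICATE), ("plain", PLAIN),
                       ("encrypted", ENCRYPTED), ("missing", MISSING)]:
        print(name, audit_server_xml(text))
```

To check a real installation, pass the contents of AO_HOME/tomcat/conf/server.xml to audit_server_xml.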

 
