Specifying a keystore password
This topic describes how to specify a keystore password on any of the server components. You can specify the password as plain text, or you can specify a text string that you encrypted in the Maintenance Tool.
In the instructions on this page, AO_HOME represents the installation directory for components.
To specify the keystore password as plain text on a server component
- Stop the TrueSight Orchestration services.
- On the computer for the server component, use a text editor to open the AO_HOME/tomcat/conf/server.xml file.
Locate the <connector> element that contains the HTTPS protocol information, as shown in the following sample:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />Append the following attribute to the connector element, and replace <password> with the new password: keystorePass="<password>".
In the following example, myPassw0rd is the new keystore password:<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorePass="myPassw0rd" />- Save the server.xml file.
- Restart the TrueSight Orchestration services.
For additional information about the Apache Tomcat Servlet/JSP Container SSL Configuration, see documentation available at http://tomcat.apache.org/.
To specify an encrypted keystore password on a server component
- Stop the TrueSight Orchestration services for all peers.
See, Starting-and-stopping-product-components-and-services. - Navigate to the <installationDirectory>/MaintainBMCAO directory, and start the maintenance tool.
- Windows: PlatformMaintenanceTool.cmd
- UNIX: PlatformMaintenanceTool.sh
- On the computer for the server component, open the AO_HOME/tomcat/conf/server.xml file in a text editor.
Locate the <connector> element that contains the HTTPS protocol information, as shown in the following sample:
<Connector SSLEnabled="true" URIEncoding="UTF-8"
keystoreFile="C:\Program Files\BMC
Software\BAO\REPO\tomcat\conf\.keystore" maxSwallowSize="-1"
maxThreads="150" port="28080"
relaxedQueryChars="\{}^ `|"#<>[]"
server="platform-web-server" useServerCipherSuitesOrder="true"
protocol="com.bmc.ao.catalina.connector.BAOHttp11NioProtocol"
keystorePass=" <encrypted-password>">Add the following property to the connector attribute:
sslImplementationName="com.bmc.ao.catalina.connector.BAOSSLImplementation"
keystorePass="<encrypted-password>"Using the Maintenance Tool, encrypt a password text string.
After copying the encrypted password from the Maintenance Tool, replace <encrypted-password> with the copied value, as in the following example:
<Connector SSLEnabled="true" URIEncoding="UTF-8"
keystoreFile="C:\Program Files\BMC
Software\BAO\REPO\tomcat\conf\.keystore" maxSwallowSize="-1"
maxThreads="150" port="28080"
relaxedQueryChars="\{}^ `|"#<>[]"
server="platform-web-server" useServerCipherSuitesOrder="true"
protocol="com.bmc.ao.catalina.connector.BAOHttp11NioProtocol"
keystorePass=" <encrypted-password>">- To avoid any issues with the encrypted password, perform these steps:
- Replace the value for the protocol element to com.bmc.ao.catalina.connector.BAOHttp11NioProtocol.
- Navigate to the AO_HOME/tomcat/webapps/servername/WEB-INF/lib directory, copy the security-common-<version>.jar file, navigate to the AO_HOME/tomcat/lib directory and paste the JAR file there.
- Save the server.xml file.
- Restart the TrueSight Orchestration services.
Perform step 1 to 10 on all servers.
Related topics
Using-the-Maintenance-Tool-to-encrypt-a-password
Configuring-TrueSight-Orchestration-to-use-HTTPS