Monday, May 30, 2016

How to change default keystore password on WSO2 servers



Sometimes you may need to change the default keystore password in WSO2 products for security reasons.

Here are the steps when changing keystore passwords:

Step 1:
Navigate to wso2 server location:
ex: cd $wso2_server/repository/resources/security

Step 2:
Change keystore password:
keytool -storepasswd -new [new password] -keystore [keystore name]
ex: keytool -storepasswd -new simplenewpassword -keystore wso2carbon.jks

Step 3:
Change Private Key password
keytool -keypasswd -alias wso2carbon -keystore wso2carbon.jks  
 Enter keystore password: <simplenewpassword>  
 Enter key password for <wso2carbon> wso2carbon  
 New key password for <wso2carbon>: <simplenewpassword>  
 Re-enter new key password for <wso2carbon>: <simplenewpassword>  

In some products, such as WSO2 BAM, the keystore password and the private key password must be the same. Thrift in particular must be configured to use one password for both.


Step 4:
Configure wso2 server (example taken here as WSO2 BAM)

  • Change carbon.xml at $wso2_server/repository/conf

<KeyStore>  
      <!-- Keystore file location-->  
      <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>  
      <!-- Keystore type (JKS/PKCS12 etc.)-->  
      <Type>JKS</Type>  
      <!-- Keystore password-->  
      <Password>simplenewpassword</Password>  
      <!-- Private Key alias-->  
      <KeyAlias>wso2carbon</KeyAlias>  
      <!-- Private Key password-->  
      <KeyPassword>simplenewpassword</KeyPassword>  
 </KeyStore>  
 <RegistryKeyStore>  
      <!-- Keystore file location-->  
      <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>  
      <!-- Keystore type (JKS/PKCS12 etc.)-->  
      <Type>JKS</Type>  
      <!-- Keystore password-->  
      <Password>simplenewpassword</Password>  
      <!-- Private Key alias-->  
      <KeyAlias>wso2carbon</KeyAlias>  
      <!-- Private Key password-->  
      <KeyPassword>simplenewpassword</KeyPassword>  
 </RegistryKeyStore>  

  • Change identity.xml at $wso2_server/repository/conf
 <ThirftBasedEntitlementConfig>  
      <EnableThriftService>true</EnableThriftService>  
      <ReceivePort>${Ports.ThriftEntitlementReceivePort}</ReceivePort>  
      <ClientTimeout>10000</ClientTimeout>  
      <KeyStore>  
           <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>  
           <Password>simplenewpassword</Password>  
      </KeyStore>  
 </ThirftBasedEntitlementConfig>  
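
A check to run after Steps 1 to 4, as an added example that is not part of the original post: it lists any `<Password>` or `<KeyPassword>` element under the conf directory that still holds the default, and confirms the keystore no longer opens with it. The function names are hypothetical, `wso2_server` is the same placeholder as in Step 1, and the default value `wso2carbon` is the old key password shown in the Step 3 prompt.

```shell
#!/bin/sh
# Added example, not from the original post: post-rotation sanity checks.
DEFAULT_PW="wso2carbon"   # stock password, visible in the Step 3 prompt

# Print file:line for every <Password>/<KeyPassword> element in the XML files
# under a conf directory that still carries the default.
# Returns 0 = clean, 1 = leftovers found, 2 = directory missing.
find_default_passwords() {
    conf_dir=$1
    [ -d "$conf_dir" ] || { echo "no such directory: $conf_dir" >&2; return 2; }
    hits=$(find "$conf_dir" -type f -name '*.xml' -exec \
        grep -nHE "<(Password|KeyPassword)>[[:space:]]*${DEFAULT_PW}[[:space:]]*</" {} + \
        2>/dev/null) || :
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Confirm the keystore no longer opens with the default store password.
# Returns 0 = default rejected, 1 = default still works,
# 2 = keytool or the keystore file is missing (check not performed).
keystore_rejects_default() {
    command -v keytool >/dev/null 2>&1 || return 2
    [ -f "$1" ] || return 2
    if keytool -list -keystore "$1" -storepass "$DEFAULT_PW" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Runs only when wso2_server is set (same placeholder as Step 1).
if [ -n "${wso2_server:-}" ]; then
    rc=0
    find_default_passwords "$wso2_server/repository/conf" || rc=1
    keystore_rejects_default \
        "$wso2_server/repository/resources/security/wso2carbon.jks" || rc=1
    [ "$rc" -eq 0 ] && echo "no default keystore passwords found"
    exit "$rc"
fi
```

The `<KeyAlias>wso2carbon</KeyAlias>` element is deliberately not flagged, since only the passwords change in this procedure and the alias stays the same.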


