Change Keystore Password

The default password for the keystore used by the Controller is changeit. This is the default password for the Jetty keystore, and is a well-known (and thus insecure) password. For a secure installation, you need to change it.

Changing keystore password should include setting the same passwords for all the keys as well.

By default, keystore.jks contains s1as and reporting-instance keys.

  1. Update the keystore password: 
    <JRE_HOME>/bin/keytool -storepasswd -keystore <controller_home>/appserver/jetty/etc/keystore.jks -storepass <current_password> -new <new_password>
  2. Update the truststore password: 
    <JRE_HOME>/bin/keytool -storepasswd -keystore <controller_home>/appserver/jetty/etc/cacerts.jks -storepass <current_password> -new <new_password>
  3. Update the password for keys: 
    <JRE_HOME>/bin/keytool -keypasswd -keystore <controller_home>/appserver/jetty/etc/keystore.jks -storepass <new_password> -alias s1as -keypass <current_password> -new <new_password>
<JRE_HOME>/bin/keytool -keypasswd -keystore <controller_home>/appserver/jetty/etc/keystore.jks -storepass <new_password> -alias reporting-instance -keypass <current_password> -new <new_password>
  4. Create obfuscated password for the keystore password <new_password>:
    <JRE_HOME>/bin/java -jar <controller_home>/tools/lib/scs-tool.jar obfuscate -plaintext <new_password>
    This command creates the obfuscated password. For example:
    Example obfuscated password: s_-001-12-H8v0OuZ2X/M=SOMM06ufKVOATetbV2BYxQ==
  5. Update the obfuscated password in the Enterprise Console UI:
    1. Navigate to Configurations > Controller Settings > Appserver Configurations.
    2. In the JVM Options tab, update the following sections under SSL Context Config:
      <Set name="KeyStorePassword">
<Call class="com.singularity.ee.util.security.credentialstore.ObfuscationWrapper" name="deobfuscateString">
<Arg>[Obfuscated Password]</Arg>
</Call>
</Set>
<Set name="TrustStorePassword">
<Call class="com.singularity.ee.util.security.credentialstore.ObfuscationWrapper" name="deobfuscateString">
<Arg>[Obfuscated Password]</Arg>
</Call>
</Set>
<Call class="java.lang.System" name="setProperty">
<Arg>javax.net.ssl.keyStorePassword</Arg>
<Arg>
<Call class="com.singularity.ee.util.security.credentialstore.ObfuscationWrapper" name="deobfuscateString">
<Arg>[Obfuscated Password]</Arg>
</Call>
</Arg>
</Call>
<Call class="java.lang.System" name="setProperty">
<Arg>javax.net.ssl.trustStorePassword</Arg>
<Arg>
<Call class="com.singularity.ee.util.security.credentialstore.ObfuscationWrapper" name="deobfuscateString">
<Arg>[Obfuscated Password]</Arg>
</Call>
</Arg>
</Call>
    3. Click Save.
  6. Update the new keystore password in Enterprise Console:
    1. Navigate to Configurations > Controller Settings > Appserver Configurations.
    2. In SSL Certificate Management, update the new Controller Keystore Password and confirm.
    3. Click Save.