New with mTLS support added in WinCollect 10.1.1!

A user might want to update the passphrase for an existing mTLS private key passphrase without using the console. The issue is that the passphrase must be encrypted before it is sent to the agent to update the configuration. The benefit of using the console is that a user can enter the password in unencrypted plain text and the console will take care of the encryption and update passphrase. However, there are situations where a user cannot use the console. The mTLS private key passphrase can still be updated by following a few simple steps.

Please Note: At this time, the encryption performed on the passphrase is specific to the machine the command was run on. Therefore, a user cannot use the same generated encryption text on multiple WinCollect agents. The command must be run on each agent machine that is to be updated.

To generate a new encrypted password:

  1. Launch a command prompt with administrator privileges.
  2. Change the directory to the WinCollect bin directory. For example, run this command: cd "\Program Files\IBM\WinCollect\bin"
  3. Run the following command and replace "newPassword1" with your new password: WinCollect.exe -P=newPassword1

The output will be the display the encrypted password. It will look similar to this:

To create an update script:

  1. Create a file somewhere in your file system called update_mTLSPrivateKeyPassphrase.xml
    • Note: The file name can be anything but it must start with “update_” and it must have a “.xml” extension.
  2. Open the file and paste in the following contents:

  3. Update the Destination name from “mTLSQRadarSample” to the actual destination name in your configuration you are trying to update the passphrase for.
  4. Update the value attribute from “sampleNewPassphrase” to the encrypted passphrase that was generated from running the WinCollect.exe -P command in the Windows command prompt run previously. The file will look something like this once updated:

  5. Save the file.
  6. Copy the file to the WinCollect patch directory. For example: "C:\Program Files\IBM\WinCollect\patch" by default.
  7. If the agent is running it will pick up the patch and process it.

The agent configuration will now be updated with the new encrypted password.

Join The Discussion