Enabling AES password encryption for the server environment
You can enable Advanced Encryption Standard (AES) password encryption so that your passwords are more secure in your configuration files and properties files for the server environment. Currently, WebSphere® Application Server supports AES-128 encryption.
Before you begin
Complete the following actions.
- For a list of files in an application server profile that contains navigation paths and passwords that can be encrypted, see the topic on encoding passwords in files.
- Back up your configuration files by using the backupConfig command.
- Before you enable AES password encryption for a cell, ensure that all nodes in the cell support AES password encryption.
- Ensure that AES password encryption is not already enabled for the server environment.
Otherwise, you receive a CWPKI0765E message, which indicates that the PasswordUtil.properties file exists, when you run the enablePasswordEncryption command.
If you receive this message, you have a few options. You can modify the password by running the modifyPasswordEncryption command. Alternatively, you can disable password encryption by running the disablePasswordEncryption command, and then enable password encryption by running the enablePasswordEncryption command.
- Before you attempt to incorporate a stand-alone application server into a cell, ensure that AES password encryption is disabled and that the PasswordUtil.properties file is deleted for the stand-alone application server. Otherwise, the stand-alone application server cannot be incorporated. Additionally, you receive a CWPKI0765E message, which indicates that the PasswordUtil.properties file exists.
- AES password encryption does not support the administrative agent and the nodes that the administrative agent manages.
- The remove node operation in the administrative console is unsupported after AES password encryption is enabled for the federated environment. To remove a node, use the removeNode command at the node.
About this task
The key for AES encryption is stored in the aesKey.jceks file. Various parameters that require password encryption are stored in the passwordUtil.properties file. By default, these files are in the ${CONFIG_ROOT}/cells/cell_name directory.
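The following preflight script is an added example, not IBM code. It checks the cell directory described above for an existing properties file (the condition that produces CWPKI0765E) before you run enablePasswordEncryption. The function names, the arguments (a resolved CONFIG_ROOT path and the cell name) and the permission check on aesKey.jceks are assumptions of this example; the permission check is an added hardening step, not one from this page.

```shell
#!/bin/sh
# Added example (not IBM code): preflight checks before enablePasswordEncryption.
# Assumption: the caller passes the resolved CONFIG_ROOT directory and cell name.

# Print "blocked" if a password-encryption properties file already exists
# (enablePasswordEncryption would fail with CWPKI0765E), "ready" if not,
# or "no-cell-dir" if the cell directory cannot be found.
aes_preflight() {
    cell_dir="$1/cells/$2"
    if [ ! -d "$cell_dir" ]; then
        echo "no-cell-dir"
        return 0
    fi
    # The page spells the file name with both an upper- and lower-case "P".
    for name in PasswordUtil.properties passwordUtil.properties; do
        if [ -f "$cell_dir/$name" ]; then
            echo "blocked"
            return 0
        fi
    done
    echo "ready"
}

# Return 0 if the key file grants any permission to group or other.
# Characters 5-10 of the ls -l mode string are the group and other bits.
key_perms_loose() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" != "------" ]
}

# Stand-alone use: sh aes_preflight.sh CONFIG_ROOT CELL_NAME
if [ "$#" -eq 2 ]; then
    state=$(aes_preflight "$1" "$2")
    echo "enablePasswordEncryption preflight: $state"
    key="$1/cells/$2/aesKey.jceks"
    if [ -f "$key" ] && key_perms_loose "$key"; then
        echo "warning: $key is accessible to group or other"
    fi
fi
```

A "blocked" result corresponds to the options described for CWPKI0765E: modify the existing encryption settings, or disable and then re-enable password encryption.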