How To
Summary
How to modify the default keystore password
Steps
To change the default password of the keystore file (in /crypt/certs) used by the Resilient server, follow the steps below:
1. Back up the existing keystore file and keyvault file with the commands:
cp /crypt/certs/keystore /crypt/certs/keystore.bak
cp /crypt/keyvault/keyvault2 /crypt/keyvault/keyvault2.bak
2. Change the keystore password with the command:
sudo keytool -storepasswd -new NEWPASSWORD -keystore /crypt/certs/keystore -storepass "$(sudo resutil keyvaultget -name keystore)"
Note: replace NEWPASSWORD with the desired keystore password.
3. Change the key password of the keystore file with the command:
sudo keytool -keypasswd -new NEWPASSWORD -keystore /crypt/certs/keystore -alias co3 -keypass "$(sudo resutil keyvaultget -name keystore)" -storepass NEWPASSWORD
Note: replace NEWPASSWORD in the "-new" and "-storepass" arguments with the new password you used in step 2.
4. For Resilient versions lower than v32.1, update the keystore password stored in the keyvault file:
sudo resutil keyvaultset -name keystore -value NEWPASSWORD
Note: replace NEWPASSWORD in "-value" with the new password you used in step 2.
5. For Resilient versions higher than v32.1, the command is:
sudo resutil keyvaultset -name keystore -stdin
(Enter the password, and then Ctrl + D or Command + D.)
6. Restart the Resilient service:
sudo systemctl restart resilient-messaging
Additional Information
Known Issues:
1. You cannot access the Resilient web client after restarting the server, and the following error appears in "/usr/share/co3/logs/client.log":
java.lang.RuntimeException: java.lang.RuntimeException: java.security.UnrecoverableKeyException: Cannot recover key
The error occurs because the co3 alias key password does not match the keystore password. Make sure you have run step 3 above, then restart the Resilient service.
2. You cannot access the Resilient web client after restarting the server, and the following error appears in "/usr/share/co3/logs/client.log":
java.lang.RuntimeException: java.lang.RuntimeException: java.io.IOException: Keystore was tampered with, or password was incorrect
The error occurs because the password saved in the keyvault file has not been updated to the new password. Make sure you have run step 4 above (or step 5, depending on your Resilient version), then restart the Resilient service.
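The two Known Issues above each tie one client.log error to a missed step. The following added example (not IBM's code) scans the log for those two exception strings and reports the most recent one, so that stale errors from before a fix do not mislead. The function names and verdict labels are hypothetical, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: triage for the two keystore errors listed under Known Issues.
# Function names and verdict labels are hypothetical; the log path and the
# exception strings are the ones quoted on this page.
CLIENT_LOG="${CLIENT_LOG:-/usr/share/co3/logs/client.log}"

# Prints one verdict line for the MOST RECENT keystore error in the log.
# Exit status: 0 = no keystore error, 1 = error found, 2 = log unreadable.
diagnose_keystore_log() {
    log="${1:-$CLIENT_LOG}"
    if [ ! -r "$log" ]; then
        echo "unreadable: cannot read $log"
        return 2
    fi
    # -F matches fixed strings; tail -n 1 keeps only the last matching line.
    last=$(grep -F -e 'UnrecoverableKeyException: Cannot recover key' \
                   -e 'Keystore was tampered with, or password was incorrect' \
                   "$log" | tail -n 1) || true
    case "$last" in
        *'Cannot recover key'*)
            echo "key-password-mismatch: co3 key password differs from keystore password; run step 3, then restart"
            return 1 ;;
        *'Keystore was tampered with'*)
            echo "vault-password-stale: keyvault still holds the old password; run step 4 or 5, then restart"
            return 1 ;;
        *)
            echo "ok: no keystore password error in $log"
            return 0 ;;
    esac
}

# Constructed sample: timestamps and the INFO line are made up; only the
# exception text is copied from the Known Issues above.
sample_log() {
    cat <<'EOF'
2021-05-28 10:00:01 ERROR java.lang.RuntimeException: java.lang.RuntimeException: java.io.IOException: Keystore was tampered with, or password was incorrect
2021-05-28 10:05:12 INFO service restarted
2021-05-28 10:05:20 ERROR java.lang.RuntimeException: java.lang.RuntimeException: java.security.UnrecoverableKeyException: Cannot recover key
EOF
}
```

Source the file and call diagnose_keystore_log with no argument to check the default client.log path, or pass another log file as the first argument.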
Document Location
Worldwide
Document Information
Modified date:
28 May 2021
UID
ibm11160698