Symantec Access Management

ADMIN UI disable clear text & update jks password (windows)

  • 1.  ADMIN UI disable clear text & update jks password (windows)

    Posted Sep 18, 2018 02:56 PM

    ----------------------------------------------------------------------------------------------------------------------------------------------------

    Disclaimer: These are the steps I tried in my local environment, to the best of my knowledge. You need to understand these steps clearly before performing them in your environments.

    ----------------------------------------------------------------------------------------------------------------------------------------------------

     

     

    When I queried the Java process on the ADMIN UI server, the JKS password was displayed in clear text and was also the default password.

     

     

    Here are the steps to disable the JKS password during startup and to change the default passwords for the keystore/keypass/truststore.

     

    Disable jks passwords during Start up:

     

    12.52 version - 

     

    1. Stop the WAM UI service, go to location <WAM UI Install>\SiteMinder\adminui\bin

    2. Take a backup of the run.conf Windows batch file

    3. Edit the run.conf Windows batch file to comment out the JKS default password lines below

     

    set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit"

    set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStorePassword=changeit"

     

    4. Save the file and start the WAMUI service

    5. Check the WAM UI process

     

     

    12.8 version -

     

    1. Stop the WAM UI service, go to location <WAM UI Install>\siteminder\adminui\bin

    2. Take a backup of the standalone.conf Windows batch file

    3. Edit the standalone.conf Windows batch file to comment out the JKS default password lines below

     

    set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit"

    set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStorePassword=changeit"

     

    4. Save the file and start the WAMUI service

     

     

    Changing the default password for truststore/keystore/keypass:

     

    1. KeyStore:

     

    keytool.exe -storepass changeit -storepasswd -keystore keyStore.jks

    New keystore password:
    Re-enter new keystore password:

     

    2. Keypass:

     

    keytool.exe -storepass {newpassword set in #1} -alias tomcat -keypasswd -keystore keyStore.jks

    Enter key password for <tomcat> {default password, changeit}
    New key password for <tomcat>:
    Re-enter new key password for <tomcat>:

     

    3. Trust Store:

     

    keytool.exe -storepass changeit -storepasswd -keystore trustStore.jks

    New keystore password:
    Re-enter new keystore password:

     

     

    Now update the Reference to jks/password in WAM UI configuration files:

     

    Though we disabled the JKS/password in the configuration files, the key stores are referenced at a different location and will still be using the JKS/default passwords.

     

    1. Stop the WAM UI service

    2. Update the configuration files with new passwords

     

    12.52 - <WAM UI Install>\adminui\server\default\deploy\jbossweb.sar\server.xml

    12.8 - <WAM UI Install>\adminui\standalone\configuration\standalone-full.xml

     

    3. Since I'm not sure how the JKS is being referred to from the run.conf/standalone.conf files for the WAM UI service, please update the passwords in those configuration files even though they are commented out.

     

    4. Start the WAM UI service
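
A PowerShell check for the result of the steps above, added here as an example and not part of the original post: it reports Java processes whose command line still carries a store password, uncommented password options in the conf batch file, and stores that still open with `changeit`. The file paths, the `java%` process-name filter and the function names are assumptions to adapt to your install.

```powershell
# Added example. Paths are placeholders (assumptions), not values from the post.
param(
    [string]$ConfFile = 'C:\path\to\adminui\bin\standalone.conf.bat',   # placeholder
    [string[]]$Stores = @('C:\path\to\keyStore.jks', 'C:\path\to\trustStore.jks'),  # placeholder
    [string]$Keytool  = 'keytool.exe'
)

# The two JVM options the post comments out.
$pattern = '-Djavax\.net\.ssl\.(keyStore|trustStore)Password='

# 1. Running Java processes whose command line still carries a store password.
#    Run elevated, otherwise CommandLine can be empty for service processes.
function Get-ExposedJavaProcess {
    Get-CimInstance Win32_Process -Filter "Name LIKE 'java%'" |
        Where-Object { $_.CommandLine -match $pattern } |
        Select-Object ProcessId,
            @{ n = 'Option'; e = { [regex]::Match($_.CommandLine, $pattern).Value + '***' } }
}

# 2. Lines in the conf batch file that set a password and are not commented (rem or ::).
function Get-ActivePasswordLine([string]$Path) {
    Select-String -Path $Path -Pattern $pattern |
        Where-Object { $_.Line -notmatch '^\s*(rem\b|::)' } |
        ForEach-Object { '{0}:{1}' -f $_.Path, $_.LineNumber }
}

# 3. True when the store still opens with the default password.
#    keytool exits non-zero when the supplied store password is wrong.
function Test-DefaultStorePassword([string]$Store) {
    & $Keytool -list -keystore $Store -storepass changeit *> $null
    return ($LASTEXITCODE -eq 0)
}

$findings = @()
$findings += @(Get-ExposedJavaProcess |
    ForEach-Object { "process $($_.ProcessId) exposes $($_.Option)" })
$findings += @(Get-ActivePasswordLine $ConfFile |
    ForEach-Object { "active password option at $_" })
foreach ($s in $Stores) {
    if (Test-DefaultStorePassword $s) { $findings += "$s still opens with the default password" }
}

if ($findings) { $findings; exit 1 } else { 'No clear-text or default JKS passwords found.' }
```

The script masks the password value in its own output and exits with 1 when any finding remains, so it can be run after each service restart.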