snkumar

ADMIN UI disable clear text & update jks password (windows)

Discussion created by snkumar on Sep 18, 2018

----------------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer: These are the steps I tried in my local environment, to the best of my knowledge. You need to understand these steps clearly before performing them in your environments.

----------------------------------------------------------------------------------------------------------------------------------------------------

 

 

When I queried the Java process on the ADMIN UI server, the JKS password was displayed in clear text and was also the default password.

 

 

Here are the steps to disable the JKS passwords during startup and to change the default passwords for the keystore/keypass/truststore.

 

Disable jks passwords during Start up:

 

12.52 version - 

 

1. Stop the WAM UI service, go to location <WAM UI Install>\SiteMinder\adminui\bin

2. Take a backup of the run.conf Windows batch file

3. Edit the run.conf Windows batch file to comment out the JKS default password lines below

 

set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit"

set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStorePassword=changeit"

 

4. Save the file and start the WAM UI service

5. Check the WAM UI process

 

 

12.8 version -

 

1. Stop the WAM UI service, go to location <WAM UI Install>\siteminder\adminui\bin

2. Take a backup of the standalone.conf Windows batch file

3. Edit the standalone.conf Windows batch file to comment out the JKS default password lines below

 

set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit"

set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStorePassword=changeit"

 

4. Save the file and start the WAM UI service

 

 

Changing the default password for truststore/keystore/keypass:

 

1. KeyStore:

 

keytool.exe -storepass changeit -storepasswd -keystore keyStore.jks

New keystore password:
Re-enter new keystore password:

 

2. Keypass:

 

keytool.exe -storepass {newpassword set in #1} -alias tomcat -keypasswd -keystore keyStore.jks

Enter key password for <tomcat> {default password, changeit}
New key password for <tomcat>:
Re-enter new key password for <tomcat>:

 

3. Trust Store:

 

keytool.exe -storepass changeit -storepasswd -keystore trustStore.jks

New keystore password:
Re-enter new keystore password:

 

 

Now update the reference to the JKS passwords in the WAM UI configuration files:

 

Though we disabled the JKS passwords in the configuration files, the keystores are referenced at a different location and will still be using the JKS default passwords.

 

1. Stop the WAM UI service

2. Update the configuration files with new passwords

 

12.52 - <WAM UI Install>\adminui\server\default\deploy\jbossweb.sar\server.xml

12.8 - <WAM UI Install>\adminui\standalone\configuration\standalone-full.xml

 

3. Since I'm not sure how the JKS is being referred to from the run.conf/standalone.conf files for the WAM UI service, please update the passwords in those configuration files even though they are commented out.

 

4. Start the WAM UI service
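
One way to verify the result of the steps above ("check the WAM UI process"), as an added PowerShell example that is not part of the original post: it flags `javax.net.ssl.*Password` properties on a Java command line and in run.conf/standalone.conf lines that are not commented out, without echoing the password. The function names are hypothetical, the sample strings are constructed, and the live check assumes the Admin UI runs as `java.exe`.

```powershell
function Find-JksPasswordArg {
    # Returns one object per -Djavax.net.ssl.(keyStore|trustStore)Password=... found in $Text.
    param([string]$Text)
    $pattern = '-Djavax\.net\.ssl\.(keyStore|trustStore)Password=([^\s"]+)'
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        [pscustomobject]@{
            Property  = "javax.net.ssl.$($m.Groups[1].Value)Password"
            IsDefault = ($m.Groups[2].Value -ceq 'changeit')   # default value shown in the post
            Value     = '<redacted>'                            # never print the secret itself
        }
    }
}

function Test-ConfLine {
    # True when a batch-file line still sets a password, i.e. it is not a rem/:: comment.
    param([string]$Line)
    $trimmed = $Line.TrimStart()
    if ($trimmed -match '^(rem\b|::)') { return $false }
    return [bool](Find-JksPasswordArg -Text $trimmed)
}

# Constructed sample input (not captured from a real server).
$sampleCmd  = 'java.exe -Xms512m -Djavax.net.ssl.keyStorePassword=changeit ' +
              '-Djavax.net.ssl.trustStorePassword=changeit -jar run.jar'
$sampleConf = @(
    'rem set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit"'
    'set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStorePassword=changeit"'
)

# Both properties are reported for the sample command line.
Find-JksPasswordArg -Text $sampleCmd | Format-Table -AutoSize

# Only the second conf line is reported: the first is commented out with rem.
$sampleConf | Where-Object { Test-ConfLine $_ } | ForEach-Object {
    'still active: ' + ($_ -replace '(Password=)[^\s"]+', '$1<redacted>')
}

# Live check on the Admin UI host; run elevated so other processes' command lines are readable.
# Assumption: the Admin UI JVM appears as java.exe.
Get-CimInstance -ClassName Win32_Process -Filter "Name = 'java.exe'" | ForEach-Object {
    $procId = $_.ProcessId
    Find-JksPasswordArg -Text $_.CommandLine |
        Select-Object @{ n = 'ProcessId'; e = { $procId } }, Property, IsDefault
}
```

No output from the live check means no keystore or truststore password is exposed on a running `java.exe` command line.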
