If you are migrating to IBM® Business
Process Manager
(BPM) V8.6.0, and you enabled custom password
encryption in your source IBM BPM environment
to protect passwords that are contained in your WebSphere® Application
Server configuration, you must complete the following
steps before migration.
Procedure
- Immediately after you install the new version of IBM Business
Process Manager, copy the custom encryption JAR file to
install_root_V8.6.0/lib/ext.
- Before you run BPMConfig -create -de to create the deployment environment,
enable the command script to support custom encryption.
- From install_root_V8.6.0/bin on all
IBM BPM
V8.6.0 installations, including the deployment
manager and all nodes, open BPMConfig.bat for Windows or
BPMConfig.sh for Linux or UNIX.
- Find the "Enabling custom password encryption" comment block. Read the comments and then
uncomment the lines to enable custom password encryption.
- Set a WebSphere property to point to your encryption implementation class, by changing the
value of the com.ibm.wsspi.security.crypto.customPasswordEncryptionClass
property to the name of your encryption implementation class.
- Set any further properties that your encryption implementation class needs, by adding
-Dkey=value for any further properties. If the custom password encryption class has additional properties and you want them to be
handled automatically, the properties must be prefixed by the package name of the custom encryption
class. For example, if the class is
com.ibm.wsspi.security.crypto.customPasswordEncryptionClass=com.acme.crypto.CustomPwEncryption
then the properties would be named
com.acme.crypto.keystore=${WAS_INSTALL_ROOT}/acme/crypto.jceks
com.acme.crypto.certalias=BPM
Restriction: If the additional properties do not follow this naming convention, the properties
cannot be recognized as belonging to custom password encryption and you must add them manually as
Java system properties for the WebSphere JVMs.