Updating the encryption keystore

Your company IT policy might require that you periodically change the encryption key. Whenever the encryption key details change, you must update the encryption keystore in IBM OpenPages® with Watson™.

Note:

If field level encryption is already enabled, you do not need to disable the encryption keystore to update it.

Procedure

  1. Create a new keystore file.
    For more information, see Create the encryption keystore file and key pair.
  2. Create a keystore.properties file. See The keystore.properties file.
  3. Click Administration menu > Users and Security > Encryption Keystore.
  4. Click Edit.
  5. Enter the current encryption keystore password to access it.
  6. Update the details of the keystore.

    For more information, see Setting up the encryption keystore.

  7. Click Update.

    If you use field level encryption and it is enabled, the fields are re-encrypted using the new encryption key. Depending on the size of the repository, updating the encryption can take a long time. Field encryption runs in the background. You can view the progress by clicking Refresh.

  8. Update passwords in properties files.
    1. On each application server, change the passwords in properties files to plain text, save the files, and then restart the application server.
      For more information, see Updating property files on application servers to use a custom key.
    2. On each reporting server, change the passwords in properties files to plain text, save the files, and then restart the reporting server.
      For more information, see Updating property files on reporting servers to use a custom key.
    3. If you use global search, change the passwords in properties files to plain text, save the files, and then restart the server.
      For more information, see Updating property files on the search server to use a custom key.
    The passwords are encrypted with the updated encryption key when you restart the servers.
  9. If you use IBM OpenPages Loss Event Entry, re-enter the password for each locale.
    1. Start the configuration tool. Go to http://<server_name>:<port>/openpages/app/jspview/lossevent#/editconfig
    2. Log in with a user account that is a member of the OPAdministrators group.
    3. Under the Locales section, expand each locale and enter the password.
    4. Close the configuration tool.
    The passwords are encrypted with the updated encryption key.
  10. If you use LDAP for user provisioning, do the following steps:
    1. Click Administration menu > Users and Security > User LDAP Configuration.
    2. Edit the LDAP configuration.
    3. In the Security credentials field, re-enter the password that is used to authenticate with the LDAP server.
    4. Click Save.
    The security credentials are encrypted with the updated encryption key.
  11. If you use natural language classifiers, do the following steps:
    1. Click Administration menu > Integrations > Mapping and Taxonomy Suggestions.
    2. Edit the classifier configuration.
      • Natural Language Classifier: In the API Key field, re-enter the API key of the Natural Language Classifier instance.
      • Watson Discovery Analyze API: Re-enter the password.
    3. Click Save.
    4. Repeat these steps for each classifier configuration.
    The API keys are encrypted with the updated encryption key.