Changing the keystore that is used by WebSphere Liberty

When you install IBM OpenPages®, the installation process configures a keystore for IBM® WebSphere® Liberty. If you have an existing keystore or if you want to use an alternate keystore, you can change the keystore that is used by WebSphere Liberty. This task is optional.

Procedure

  1. Log on to the application server.
  2. Encrypt the password of the keystore that you want to use for WebSphere Liberty.
    Run the following command:
    <WLP_HOME>/bin/securityUtility.sh|.bat encode --encoding=aes <keystore_password>

    Replace <keystore_password> with the password of the keystore.

    The script returns the encrypted password.

  3. Edit the following file:
    <OP_HOME>/wlp-usr/servers/<server_name>/configDropins/overrides/op-apps.xml
  4. Update the following line to point to the keystore that you want to use. 
    <keyStore id="defaultKeyStore" location="<keystore_file>" password="<encrypted_password>" />

    Replace <keystore_file> with the path and filename of the keystore. Replace <encrypted_password> with the encrypted password from step 2.

    For example:
    <keyStore id="MyKeyStore" location="/home/opuser/OP/OpenPages/wlp-usr/servers/opappServer1/resources/security/my_keystore.p12" password="<encrypted_password>" />
  5. Restart all application services.
    For more information, see Starting application servers.
  6. Repeat these steps on each horizontal cluster application server.