Configuring License Metric Tool keystore password and encryption

Configure a unique password to the License Metric Tool keystore, and encrypt it with the AES encryption algorithm.

About this task

To configure SSO keystore passwords and encryption, see: Configuring SSO keystores passwords and encryption.

Procedure

  1. Contact IBM Support to obtain the default keystore password.
  2. Stop the License Metric Tool server.
  3. Change the License Metric Tool keystore password to a custom one.
    • For application update 9.2.26 and later, perform the following steps.
      1. Run the following command.
        • Linux <install_dir>/jre/jre/bin/keytool -storepasswd -keystore <install_dir>/wlp/usr/servers/server1/resources/security/key_server.p12 -storetype PKCS12
        • Windows <install_dir>\jre\jre\bin\keytool.exe -storepasswd -keystore <install_dir>\wlp\usr\servers\server1\resources\security\key_server.p12 -storetype PKCS12
      2. Provide the default License Metric Tool keystore password that you obtained in step 1.
      3. Provide your custom License Metric Tool keystore password and repeat it.
    • For application update 9.2.25 and earlier, perform the following steps.
      1. To list the contents of the License Metric Tool keystore, run the following command.
        • Linux <install_dir>/jre/jre/bin/keytool -list -keystore <install_dir>/wlp/usr/servers/server1/resources/security/key_server.jceks -storetype JCEKS
        • Windows <install_dir>\jre\jre\bin\keytool.exe -list -keystore <install_dir>\wlp\usr\servers\server1\resources\security\key_server.jceks -storetype JCEKS
        When prompted, provide the License Metric Tool keystore password that you obtained in step 1.
        
        Enter keystore password:
        
        Keystore type: JCEKS
        Keystore provider: IBMJCE
        
        Your keystore contains 1 entry
        
        default, Nov 15, 2013, keyEntry,
        Certificate fingerprint (SHA1): 
        xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx 
        Note: The list can consist of more than one entry, if Single Sign On is configured for the product. The underlined element is an alias for the listed entry, and it is required to complete next steps.
      2. Ensure that you change the password for all the listed entries. Run the following command, and specify the alias at the end of the command line.
        • Linux <install_dir>/jre/jre/bin/keytool -keypasswd -keystore <install_dir>/wlp/usr/servers/server1/resources/security/key_server.jceks -storetype JCEKS -alias default
        • Windows <install_dir>\jre\jre\bin\keytool.exe -keypasswd -keystore <install_dir>\wlp\usr\servers\server1\resources\security\key_server.jceks -storetype JCEKS -alias default
        Set up a single password for all the listed entries. For more than one entry, ensure the passwords are identical.
        
        Enter keystore password:
        Enter key password for <default>:
        New key password for <default>:
        Re-enter new key password for <default>:
        Password change successful for alias <default>
      3. To change the License Metric Tool keystore password, run the following command.
        • Linux <install_dir>/jre/jre/bin/keytool -storepasswd -keystore <install_dir>/wlp/usr/servers/server1/resources/security/key_server.jceks -storetype JCEKS
        • Windows <install_dir>\jre\jre\bin\keytool.exe -storepasswd -keystore <install_dir>\wlp\usr\servers\server1\resources\security\key_server.jceks -storetype JCEKS
      When prompted, provide the License Metric Tool keystore password that you obtained in step 1. Then, set up the new License Metric Tool keystore password. The password must match the password that you set up for the listed entries in step 3.b.
  4. To encrypt your License Metric Tool keystore password with AES, perform the following steps.
    1. Set the JAVA_HOME variable.

      Linux export JAVA_HOME=<install_dir>/jre/jre

      Windows set JAVA_HOME=<install_dir>\jre\jre

    2. Run the following command.

      Linux <install_dir>/wlp/bin/securityUtility encode --encoding=aes

      Windows <install_dir>\wlp\bin\securityUtility.bat encode --encoding=aes

      Whne prompted, provide your current License Metric Tool keystore password.

      
      Enter text:
      Re-enter text:
      {aes}xxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXX
  5. Update the License Metric Tool keystore password in the server.xml file.
    The server.xml file is located in the following folder.
    • Linux <install_dir>/wlp/usr/servers/server1/server.xml
    • Windows <install_dir>\wlp\usr\servers\server1\server.xml
    Enter the value generated in step 4 in the following code line.
     <keyStore id='defaultKeyStore' location='<keystore_file>' 
    password='{aes}xxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXX' type='<type>'/>
    Where:
    <keystore_file>
    Starting from application update 9.2.26, the License Metric Tool keystore file is: key_server.p12. For earlier application updates, it is: key_server.jks. By default, the file is stored in the following location: <install_dir>\wlp\usr\servers\server1\resources\security.
    <type>
    Starting from application update 9.2.26, the type of the License Metric Tool keystore is PKCS12. For earlier application updates, it is JCEKS.
  6. Start the License Metric Tool server.