Enabling product encryption after upgrading

Enabling product encryption after upgrading from a version earlier than 10.1.

If you are upgrading from a version earlier than version 10.1, you can optionally enable encryption for key product files by performing the following steps on the master domain manager and on each agent in the environment:

  1. Generate a new key by running the following keytool command: 
    ./keytool -genseckey -alias new_alias_name -keyalg AES -keysize 256 
-storepass encrypt_keystore_pwd_in_clear -storetype PKCS12 -keystore encrypt_keystore_file
  2. Create the stash file containing a password encoded in base64. You can store the file in a path of your choice.
  3. Add the following keys in the localopts file:
    encrypt keystore file file_name
    The path to the keystore PKCS12 file, containing the AES-256 or AES-128 key. The keystore is created automatically at installation time and the related path is inserted in this parameter. If you want to use a different keystore, you can create it and add the path in this option.
    encrypt keystore pwd password
    The path to the keystore stash file.
    encrypt label
    The label you assign to the new key in the keystore. This property is case insensitive.
    Consider the following example of the modifications to the localopts file:
    encrypt keystore file ="/opt/wa/TWA/TWS/ssl/key.p12" 
encrypt keystore pwd ="/opt/wa/TWA/TWS/ssl/key.sth"
encrypt label ="myalias"
    where
    encrypt keystore file
    corresponds to the -keystore encrypt_keystore_file parameter in the command provided in step 1.
    encrypt keystore pwd
    corresponds to the path of the stash file created in step 2.
    encrypt label
    corresponds to the -alias new_alias_name parameter in the command provided in step 1.
The current Symphony plan keeps using the previous key. To apply the new setting to the Symphony plan, run a JnextPlan command. The message boxes are encrypted immediately and the useropts file is encrypted as soon as you save the localopts file and launch a CLI command. Key product files are now encrypted with the new key.