Upgrading keystore files for the Data Receiver

This scenario aims to eliminate the impact of the Java™ version upgrade on secure communications, especially if you have set up TLS authentication with Java 8 and want to continue using it, or if you want to set up two-way TLS authentication with Java 11.

Before you begin

Make sure that the following files have been generated in the Data Receiver's working directory:
  • cdp.jks
  • cdp.properties
  • passStore

About this task

Use the script to upgrade the Data Receiver's passStore file. After the migration, you can flexibly use the different Java version to start the Data Receiver or to continue to set up TLS authentication.

Procedure

To complete the Data Receiver's security migration process, you need to complete the following steps:

  1. Set the following environment variables:
    JAVA_HOME
    The Java installation directory on the Data Receiver system.
    Important: JAVA_HOME should match with the version when the Data Receiver TLS settings were initialized.
    CDPDR_HOME
    The Data Receiver working directory that is described in Setting up a working directory and an output directory for the Data Receiver.
    CDPDR_PATH
    The Data Receiver output directory that is described in Setting up a working directory and an output directory for the Data Receiver.
    • For Linux® systems
      export JAVA_HOME=/java_installation_directory
      export CDPDR_HOME=/dr_working_directory
      export CDPDR_PATH=/dr_output_directory
    • For Windows systems
      set JAVA_HOME=/java_installation_directory
      set CDPDR_HOME=/dr_working_directory
      set CDPDR_PATH=/dr_output_directory
  2. Download the migrateDataReceiverTLS.sh (for Linux systems) or migrateDataReceiverTLS.bat (for Windows systems) file from the Z Common Data Provider system by using a binary protocol.
  3. Change to directory CDPDR_HOME and run script migrateDataReceiverTLS.sh or migrtaeDataReceiverTLS.bat depending on your system:
    • For Linux systems
      cd CDPDR_HOME
      ./migrateDataReceiverTLS.sh
    • For Windows systems
      cd CDPDR_HOME
      migrateDataReceiverTLS.bat

Results

After you complete all the steps, the migration process generates a passStore file in PKCS12 format for the Data Receiver, and backs up the original passStore file that is in JCEKS format in the CDPDR_HOME directory:
passStore
The keystore file in PKCS12 format, which contains a secret key for password encryption.
passStore_LEGACY
The keystore file in JCEKS format, which contains a secret key for password encryption.
Note: The output files will be generated only if your scenario matches the migration scenario, otherwise, no files will be generated.