To share applications that have secured properties among
IBM® UrbanCode™ Deploy servers,
exchange keys from each server's encryption keystore.
Before you begin
Make sure that the location of the Java™
keytool command is on
the
PATH variable of the servers. The
keytool application
is included in the Java developer
kit and is not part of
IBM UrbanCode Deploy.
About this task
To share applications that have secured properties, export
the server's key and import it into each target server. This process
enables applications from the exporting server to be used by the other
servers. Repeat the process for each server with applications that
you want to share.
Procedure
- On the first server, open a command-line window, and go to the server installation
conf/server directory.
- Find the value of the encryption.keystore.alias property
in the install/conf/server/installed.properties file. For example, the following code shows a value of
abcdkey1234:
encryption.keystore=../app_data/conf/encryption.keystore
encryption.keystore.alias=abcdkey1234
You must have this alias to complete the next steps.
- Go to the folder that contains the keystore file
encryption.keystore. The default location is
appData/conf/encryption.keystore, where
appData is the application data folder.
- Run the following command
to import the server key into a temporary keystore. You must enter this command on a single
line.
keytool -importkeystore -srckeystore encryption.keystore
-srcstorepass srcPassword
-srcstoretype jceks
-alias alias
-destkeystore temp.keystore
-deststorepass tempPassword
-deststoretype jceks
- For the srcPassword variable, specify the password
for the server keystore. The default password is changeit.
- For the alias variable, specify the value of
the encryption.keystore.alias property.
- For the tempPassword variable, specify a password
for the temporary keystore. You will use this password later.
- Copy the temporary keystore, which is named temp.keystore in
the previous example, to the install/conf/ folder
on the second server.
- On the second server, open a command-line window, and go to the server installation
install/conf/server directory.
- Run the following command to import the key in the temporary
keystore into the server keystore. You must enter this
command on a single line.
keytool -importkeystore -srckeystore temp.keystore
-srcstorepass tempPassword
-srcstoretype jceks
-alias alias
-destkeystore encryption.keystore
-deststorepass destPassword
-deststoretype jceks
- For the tempPassword variable, specify the
password for the temporary keystore.
- For the alias variable, specify the encryption.keystore.alias property
of the first server, not the current server.
- For the destPassword password, specify the
password for the current server keystore.
- Restart the second server.
- Optional: Delete the temporary keystore file
from each server.
Results
The encryption key from the first server keystore is now on
the second server keystore. As a result, the second server can now
decrypt applications from the first server.
You can verify that
the second server keystore has the key by running the following command
on the second server:
keytool -list -keystore encryption.keystore
-storepass password
-storetype jceks
For the
password variable,
use the password of the server keystore.
This command lists
the keys in the server keystore. If you copied the keys successfully,
the list includes at least two keys: one from each of the servers.
These keys are listed according to the
encryption.keystore.alias properties
of the respective servers. For example, the following output shows
two keys:
Keystore type: jceks
Keystore provider: IBMJCE
Your keystore contains 2 entries
efghkey5678, Oct 15, 2013, SecretKeyEntry,
abcdkey1234, Nov 22, 2013, SecretKeyEntry,
What to do next
Repeat this process to copy keys between other servers.