Tuesday, February 9, 2016


Follow the steps below to change the password for the keystore and/or the SSL certificate:

1. First of all (VERY IMPORTANT), back up the following files (these are the only two files that contain SSL password information, so if you have backups, you can restore the files in the event you have issues after changing passwords):
    a) Back up the 'pskey' file:
         - For PeopleTools 8.51+, the file is located in <PS_HOME>/webserv/<DOMAIN_NAME>/piaconfig/keystore/
         - For PeopleTools 8.49 and lower versions, the file is located in <PS_HOME>/webserv/<DOMAIN_NAME>/keystore/
    b) Back up the 'config.xml' file:
         - For PeopleTools 8.49+, the file is located in <PS_HOME>/webserv/<DOMAIN_NAME>/config
         - For PeopleTools 8.48 and lower versions, the file is located in <PS_HOME>/webserv/<DOMAIN_NAME>

2. Next, change the password in the WebLogic keystore. Note that there is a password for the certificate and a password for the keystore. Below are instructions for changing both of these passwords:
    a) To change the keystore password:
         i. Go to directory containing pskeymanager:
             -For PeopleTools 8.51+, the directory is <PS_HOME>/webserv/<DOMAIN_NAME>/piabin
             -For PeopleTools 8.49 to 8.50, the directory is <PS_HOME>/webserv/<DOMAIN_NAME>/bin
             -For PeopleTools 8.48 and lower versions, the directory is <PS_HOME>/webserv/<DOMAIN_NAME>
         ii. Run the following command:
             -For Windows:
                 pskeymanager -changeKeystorePassword
             -For Unix/Linux platforms:
                ./pskeymanager.sh -changeKeystorePassword
         iii. You will then be prompted for current password and new password
         iv. After changing the password, file pskey will be updated with the new password

    b) To change the certificate password:
         i. Go to directory containing pskeymanager:
             -For PeopleTools 8.51+, the directory is <PS_HOME>/webserv/<DOMAIN_NAME>/piabin
             -For PeopleTools 8.49 to 8.50, the directory is <PS_HOME>/webserv/<DOMAIN_NAME>/bin
             -For PeopleTools 8.48 and lower versions, the directory is <PS_HOME>/webserv/<DOMAIN_NAME>
         ii. Run the following command:
            -For Windows:
                 pskeymanager -changePrivateKeyPassword
            -For Unix/Linux platforms:
                ./pskeymanager.sh -changePrivateKeyPassword
         iii. You will then be prompted to enter the keystore password.
              Then you'll be prompted for the 'alias' of the certificate you want to change.
              Then you'll be prompted to enter the current password and new password for the certificate.
         iv. After changing the password, file pskey will be updated with the new password.

3. You will now need to configure WebLogic to use the new passwords.
Below are instructions for making this change on WebLogic 9.2/10.3/12c and for WebLogic 8.1:

For WebLogic 9.2, 10.3 and 12c:
     a. Log into the WebLogic Admin Console: http://hostname:admin_port/console
     b. Log in using "system" username
         (For WebLogic 10.3 prior to PeopleTools 8.53, the default password is 'Passw0rd'. For WebLogic 9.2, it is 'password'. Starting with PeopleTools 8.53, there is no default password, as it is entered during PIA creation.)
     c. On the left hand panel, click 'Lock & Edit' button to switch to Edit mode.
     d. Under the Environment section, click on 'Servers'
     e. Click the 'PIA' hyperlink (or whatever server you want to change)
     f.  Choose 'Configuration' tab
     g. If you changed the 'keystore password':
         -Go to 'Keystores' tab
         -Enter the new password in the following 4 fields:
             -Custom Identity Keystore Passphrase
             -Confirm Custom Identity Keystore Passphrase
             -Custom Trust Keystore Passphrase
             -Confirm Custom Trust Keystore Passphrase
         -Click 'Save' button
     h. If you changed the 'certificate password', then:
         -Go to 'SSL' tab
         -Enter the new password in the following 2 fields:
              -Private Key Passphrase
              -Confirm Private Key Passphrase
         -Click 'Save' button
     i. Click the 'Activate Changes' button. (no need to restart the PIA and/or delete cache)

For WebLogic 8.1:
     a. Log into the WebLogic Admin Console: http://hostname:admin_port/console
     b. Log in using "system" username (default password is 'password')
     c. From left menu, navigate to Servers>PIA (or whatever server you want to change)
     d. Choose 'Configuration' tab and 'Keystores and SSL' subtab
     e. If you changed the 'keystore password':
         -Enter the new password in 'Passphrase' and 'Confirm Passphrase' fields.
          This change must be made in both the 'Identity' and 'Trust' sections.
          So you will need to enter the password four times.
     f. If you changed the 'certificate password', then:
         -Go to the bottom of page to the 'SSL Configuration' section
         -Enter the new password for the private key alias in the 'Passphrase' and 'Confirm Passphrase' fields.
     g. Go to the bottom of the page and click 'Apply' button
     h. Restart the WebLogic domain. (If multi-server domain, first start WebLogicAdmin. After it is running, start PIA server). Note that it is not necessary to delete cache.

NOTE: If using Integration Broker, you may also need to update the keystore in the Integration Broker configuration file (i.e., integrationGateway.properties).
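
The backup in step 1 can be scripted so that it is verified and reversible before any password is changed. The following is an added example, not part of the original post: the function names and the MANIFEST file are hypothetical, and instead of asking for the PeopleTools version it probes the two locations step 1 lists for each file.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the MANIFEST
# format are hypothetical; the candidate paths are the ones listed in step 1.

# first_existing FILE...: print the first argument that is a regular file.
first_existing() {
    for f in "$@"; do
        [ -f "$f" ] && { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

# ps_ssl_backup DOMAIN_DIR BACKUP_DIR
# DOMAIN_DIR is <PS_HOME>/webserv/<DOMAIN_NAME>. Copies pskey and config.xml
# into BACKUP_DIR and records the original location of each file.
ps_ssl_backup() {
    dom=$1 dest=$2
    pskey=$(first_existing "$dom/piaconfig/keystore/pskey" "$dom/keystore/pskey") ||
        { echo "pskey not found under $dom" >&2; return 1; }
    cfg=$(first_existing "$dom/config/config.xml" "$dom/config.xml") ||
        { echo "config.xml not found under $dom" >&2; return 1; }
    (
        umask 077                  # new backup directory is owner-only
        mkdir -p "$dest" || exit 1
        : > "$dest/MANIFEST"
        for src in "$pskey" "$cfg"; do
            name=$(basename "$src")
            cp -p "$src" "$dest/$name" || exit 1
            cmp -s "$src" "$dest/$name" || exit 1   # verify the copy
            printf '%s=%s\n' "$name" "$src" >> "$dest/MANIFEST"
        done
    )
}

# ps_ssl_restore BACKUP_DIR: copy each backed-up file back to its recorded path.
ps_ssl_restore() {
    while IFS='=' read -r name src; do
        cp -p "$1/$name" "$src" || return 1
    done < "$1/MANIFEST"
}

# Usage: ps_ssl_backup "<PS_HOME>/webserv/<DOMAIN_NAME>" "/path/to/backup-dir"
```

Run ps_ssl_backup before step 2; if the server fails to start with the new passwords, ps_ssl_restore puts both files back where they came from.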
