To change the tomcat.keystore password in the FMS:
- Remote into the Foglight host and navigate to the directory
- Execute the "[FMS_HOME]/jre/bin/keytool -storepasswd -new somepassword -keystore [FMS_HOME]/config/tomcat.keystore" command
- Change the password for all the keys within the keystore
[FMS_HOME]/jre/bin/keytool -keypasswd -new somepassword -alias tomcat -keystore [FMS_HOME]/config/tomcat.keystore
Note: To list all the aliases in a keystore
[FMS_HOME]/jre/bin/keytool -keystore [FMS_HOME]/config/tomcat.keystore -storepass somepassword -list
- Modify the tomcat.keystore password in the [FMS_HOME]/server/tomcat/server.xml file
keystorePass=""
Note: Foglight 5.7.5.1+ accepts encrypted passwords in the server.xml file
To encrypt the password:
- [FMS_HOME]/bin/keyman.sh -d [FMS_HOME]/config encpwd somepassword foglight.defaultkey
- Copy and paste the output into the keystorePass="" attribute in the [FMS_HOME]/server/tomcat/server.xml file
Here is an example of the changes on Linux:
[foglight@MyHost bin]$ ./keytool -storepasswd -keystore ../../config/tomcat.keystore
Enter keystore password: <-- this is old store level password Nitrogen
New keystore password: <--- This is new store level password, in my case is MyNewPass
Re-enter new keystore password: <--- This is new store level password, in my case is MyNewPass
[foglight@MyHost bin]$ ./keytool --keypasswd -alias tomcat -new MyNewPass --keystore ../../config/tomcat.keystore
Enter keystore password: <--- This is new store level password, in my case is MyNewPass
Enter key password for <-- this is old key/store level password Nitrogen
[foglight@MyHost bin]$ ./keytool -storepass MyNewPass -keystore ../../config/tomcat.keystore -list
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, Oct 22, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): B0:F8:F5:DF:51:82:41:4F:32:F4:5D:77:DA:D2:F9:AC:AA:A5:90:D2
[foglight@torappl01 bin]$
[foglight@MyHost bin]$ ./keyman.sh encpwd MyNewPass foglight.defaultkey
Encrypted Password: q8fa0c3cb7e7465b84a08f0717ee21b7e
Now $FGLHOME/Server/tomcat/server.xml has changed
from
scheme="https" secure="true" SSLEnabled="true" clientAuth="false"
keystoreFile="../../config/tomcat.keystore"
keystorePass="q171ede14ed29f0c1ee9dc65f698d8e6d"
sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello" bindOnInit="false"/>
to
scheme="https" secure="true" SSLEnabled="true" clientAuth="false"
keystoreFile="../../config/tomcat.keystore"
keystorePass="q8fa0c3cb7e7465b84a08f0717ee21b7e"
sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello" bindOnInit="false"/>
Restart the FMS for the change to take effect.
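A check to run before the restart, as an added example that is not part of the original article or of Foglight: it reports whether each active keystorePass in server.xml is the new keyman.sh value, a leftover old value, plaintext, or empty, without printing the value. The function names, port 8443 and the commented-out connector are constructed; the "q" plus 32 hex digits pattern is an assumption taken from the two sample values above.

```sh
# Added example, not Foglight tooling. Assumption: keyman.sh encpwd output is
# "q" + 32 hex digits, inferred only from the two sample values on this page.

# audit_keystore_pass FILE EXPECTED
# Prints one status per keystorePass found outside XML comments:
#   ok        equals EXPECTED (the fresh keyman.sh encpwd output)
#   stale     encrypted form but not EXPECTED (e.g. still the old password)
#   plaintext not in encrypted form, so readable by anyone who can read the file
#   empty     keystorePass="" was never filled in
# Returns 0 only if at least one value was found and every one is "ok".
audit_keystore_pass() {
    WANT="$2" awk '
    { s = s $0 " " }                 # join lines: the Connector spans several
    END {
        # Drop <!-- ... --> so commented-out connectors are ignored.
        while ((a = index(s, "<!--")) > 0) {
            rest = substr(s, a + 4); b = index(rest, "-->")
            s = substr(s, 1, a - 1) (b ? substr(rest, b + 3) : "")
        }
        n = 0; bad = 0
        while (match(s, /keystorePass="[^"]*"/)) {
            v = substr(s, RSTART + 14, RLENGTH - 15)
            s = substr(s, RSTART + RLENGTH); n++
            if (v == "") st = "empty"
            else if (length(v) != 33 || v !~ /^q[0-9a-f]+$/) st = "plaintext"
            else if (v == ENVIRON["WANT"]) st = "ok"
            else st = "stale"
            if (st != "ok") bad = 1
            print st                 # status only; the value is never echoed
        }
        if (n == 0) { print "missing"; bad = 1 }
        exit bad
    }' "$1"
}

# Constructed sample: a commented-out connector plus an active one.
sample_xml() {
    cat <<EOF
<!-- <Connector port="8443" keystorePass="changeit"/> -->
<Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
  keystoreFile="../../config/tomcat.keystore"
  keystorePass="$1"
  sslProtocol="TLS" bindOnInit="false"/>
EOF
}

tmp=$(mktemp) && sample_xml q171ede14ed29f0c1ee9dc65f698d8e6d > "$tmp"
audit_keystore_pass "$tmp" q8fa0c3cb7e7465b84a08f0717ee21b7e ||
    echo "server.xml does not carry the new value yet"
rm -f "$tmp"
```

On a real host, pass the path of the FMS server.xml and the string printed by keyman.sh encpwd. On versions older than 5.7.5.1, which the note above implies do not accept encrypted values, a "plaintext" result is expected.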