Administer > System Security > Encryption of client keystore passwords

Encryption of client keystore passwords

Service Manager supports encryption of keystore passwords in the Windows and web clients.

Windows client

The Windows client keystore password that you enter in Window > Preferences > HPE Service Manager > Security is automatically encrypted and stored in the following file:

<Your user workspace dir>\ServiceManager\workspace\.metadata\.plugins\org.eclipse.core.runtime\.settings\com.hp.ov.sm.client.eclipse.base.prefs

Limitation

If you have installed one or multiple instances of the Windows client earlier than version 9.34.p2 on the same host, after you install the SM 9.41 Windows client on the same host and put all the instances into alternate use, you may have problems with the Use SSL Encryption option or the Use Trusted Sign-on connection option. Therefore, we strongly recommend you to uninstall all other Windows client instances before you install the Service Manager9.41 Windows client. If you still have problems with the Use SSL Encryption option or the Use Trusted Sign-on connection option after you upgrade your Windows client (for example, you may roll back to an earlier version and then upgrade Service Manager to version 9.41), you need to update the com.hp.ov.sm.client.eclipse.base.prefs file. To do so, follow these steps:

  1. Open the following preference file with a text editor:

    <your home folder>\ServiceManager\workspace\.metadata\.plugins\org.eclipse.core.runtime\.settingssettings\com.hp.ov.sm.client.eclipse.base.prefs

    For example, your home folder can be C:\Users\<your username>.

  2. Modify the value of the safePassword parameter from true to false, or delete this parameter.
  3. Save and close the file.
  4. Restart the Windows client.

  5. Navigate to Window > Preferences > HPE Service Manager > Security, and re-enter the client keystore password.

Web client

The keystorePassword parameter has been removed from the web tier configuration file (web.xml) since version 9.34p2, and you must enter your web client keystore password in a webtier.properties file that is located in the following folder:

<Customize-Folder>/config/webtier.properties (where <Customize-Folder> is the folder specified in the customize-folder parameter in the web.xml file.)

Tip You can use the <Webtier>/WEB-INF/webtier.properties file as a template for your <Customize-Folder>/config/webtier.properties file.

When the web application server is started, Service Manager changes this value to an encrypted string. The following steps describe how you set a new or update an existing web client keystore password.

To set a web client keystore password using the <Customize-Folder>, follow these steps:

  1. Make sure the customize-folder parameter is configured in the web tier configuration file (web.xml).
  2. Create a webtier.properties file in the <Customize-Folder>/config directory.

    Note Make sure the web application server has read/write access to this directory.

  3. Open the file in a text editor, and add the following line to the file:

    keystorePassword=< your keystore password in clear text format>

  4. Save and close the file.
  5. Restart the web application server.

    The password you entered is now encrypted. In the meantime, Service Manager adds the following line to the webtier.properties file:

    safePassword=true

To update an existing keystore password of the web client, follow these steps:

  1. Stop the web application server.
  2. Open the webtier.properties file with a text editior.
  3. Modify the value of the safePassword parameter from true to false, or delete this parameter.
  4. Modify the value of the keystorePassword parameter to a new password.
  5. Save and close the file.
  6. Restart the web application server.