Use > JMX Reference > Hardening Methods > How to Change the Server Keystore Password

How to Change the Server Keystore Password

After installing the Server, the HTTPS port is open and the store is secured with a weak password (the default hppass). If you intend to work with SSL only, you must change the password.

The following procedure explains how to change the server.keystore password only. However, you should perform the same procedure for changing the server.truststore password.

Note You must perform every step in this procedure.

  1. Start the UCMDB Server.
  2. Execute the password change in the JMX console:

    1. Launch the Web browser on the UCMDB Server machine, as follows: https://localhost:8443/jmx-console.

      Note Access to the JMX console is restricted to localhost only. If you need to access the JMX console remotely, see How to Enable Remote Access to the JMX Console.

      You may have to log in with a user name and password.

    2. Under UCMDB, click UCMDB:service=Security Services to open the Operations page.

    3. Locate and execute the changeKeystorePassword operation.

      This field must not be empty and must be at least six characters long. The password is changed in the database only.

  3. Stop the UCMDB Server.
  4. Run commands.

    From C:\UCMDB\UCMBServer\bin\jre\bin, run the following commands:

    1. Change the store password:

      keytool -storepasswd -new <new_keystore_pass> -keystore C:\UCMDB\UCMDBServer\conf\security\server.keystore -storepass <current_keystore_pass>

    2. The following command displays the inner key of the keystore. The first parameter is the alias. Save this parameter for the next command:

      keytool -list -keystore C:\UCMDB\UCMDBServer\conf\security\server.keystore

    3. Change the key password (if the store is not empty):

      keytool -keypasswd -alias <alias> -keypass <currentPass> -new <newPass> -keystore C:\UCMDB\UCMDBServer\conf\security\server.keystore

    4. Enter the new password.

  5. Start the UCMDB Server.
  6. Repeat the procedure for the Server truststore.