Cluster Message Encryption

Use cluster message encryption to encrypt all the messages in the cluster.

To enable cluster message encryption:

  1. In UCMDB, go to Administration > Infrastructure Settings Manager.

  2. Find the setting Enable High Availability cluster communication encryption and set it to true.

  3. Provide a secret key for symmetric encryption on all the servers. The key must be placed in a keystore of type JCEKS at the following location: <UCMDB installation folder>\conf\security\cluster.encryption.keystore

    Note: UCMDB ships with this keystore pre-configured out of the box. The keystore is identical on all clean UCMDB installations and is therefore not secure. To encrypt cluster messages securely, delete this file and create a new one by following this procedure.

  4. From <UCMDB installation folder>\bin\jre\bin, run the following command:

    keytool -genseckey -alias hpcert -keystore "<UCMDB installation folder>\conf\security\cluster.encryption.keystore" -storetype JCEKS

  5. You are prompted for the new keystore password. The default password is "hppass". If you want to use a different password, you need to update the server by running the following JMX method:

    UCMDB:service=High Availability Services: changeClusterEncryptionKeystorePassword

  6. Replace the old <UCMDB installation folder>\conf\security\cluster.encryption.keystore on all the servers in the cluster with this new keystore.

  7. Restart the servers.
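
After step 6, every node should hold the same newly generated JCEKS keystore and none should still hold the shipped one. The check below is an added example, not part of UCMDB or of the original procedure; the node names, the file paths and the recorded SHA-256 of the out-of-the-box keystore are assumptions, and the sample keystore contents are constructed.

```python
import hashlib
import os
import tempfile

JCEKS_MAGIC = bytes.fromhex("cececece")  # JCEKS file header; JKS files start with feedfeed


def audit_keystores(node_files, default_sha256=None):
    """node_files: {node name: path to that node's copy of cluster.encryption.keystore}.
    default_sha256: SHA-256 of the keystore from a clean install (assumption: you
    record it yourself before deleting the file). Returns a list of findings."""
    findings, digests = [], {}
    for node, path in sorted(node_files.items()):
        try:
            with open(path, "rb") as fh:
                data = fh.read()
        except OSError as exc:
            findings.append(f"{node}: cannot read keystore ({exc.strerror})")
            continue
        if data[:4] != JCEKS_MAGIC:
            findings.append(f"{node}: file is not a JCEKS keystore")
        digest = hashlib.sha256(data).hexdigest()
        digests[node] = digest
        if default_sha256 and digest == default_sha256:
            findings.append(f"{node}: still using the out-of-the-box keystore")
    # All readable copies must be byte-identical, or nodes cannot decrypt each other.
    if len(set(digests.values())) > 1:
        findings.append("keystore differs between nodes: " + ", ".join(
            f"{n}={d[:12]}" for n, d in digests.items()))
    return findings


def demo():
    # Constructed sample data: placeholder bodies, not real key material.
    shipped = JCEKS_MAGIC + b"shipped-default"
    fresh = JCEKS_MAGIC + b"freshly-generated"
    with tempfile.TemporaryDirectory() as tmp:
        files = {}
        for node, body in {"node1": fresh, "node2": fresh, "node3": shipped}.items():
            files[node] = os.path.join(tmp, node + ".keystore")
            with open(files[node], "wb") as fh:
                fh.write(body)
        return audit_keystores(files, hashlib.sha256(shipped).hexdigest())


if __name__ == "__main__":
    for line in demo():
        print(line)
```

An empty result means all copies are JCEKS files, identical to each other, and different from the recorded default.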