Use > Hardening > Enabling Secure Sockets Layer (SSL) Communication > Change the Server Keystore Passwords

Change the Server Keystore Password

After installing the Server, the HTTPS port is open and the keystore used for SSL certificate is secured with the password you used at upgrade.

The following procedure explains how to change the server.keystore password only. However, you should perform the same procedure for changing the server.truststore password.

Note You must perform every step in this procedure.

  1. Start the UCMDB Server.
  2. Execute the password change in the JMX console:

    1. Launch the Web browser on the UCMDB Server machine, as follows: https://localhost:8443/jmx-console.

      Note Starting from version 10.30, access to the JMX console is restricted to localhost only. If you need to access the JMX console remotely, see How to Enable Remote Access to the JMX Console.

      You may have to log in with a user name and password.

    2. Under UCMDB, click UCMDB:service=Security Services to open the Operations page.

    3. Locate and execute the changeKeystorePassword operation.

      This field must not be empty and must be at least six characters long. The password is changed in the database only.

  3. Stop the UCMDB Server.
  4. Run commands.

    From C:\UCMDB\UCMDBServer\bin\jre\bin, run the following commands:

    1. Change the store password:

      keytool -storepasswd -new <new_keystore_pass> -keystore C:\UCMDB\UCMDBServer\conf\security\server.keystore -storepass <current_keystore_pass>

    2. The following command displays the inner key of the keystore. The first parameter is the alias. Save this parameter for the next command:

      keytool -list -keystore C:\UCMDB\UCMDBServer\conf\security\server.keystore

    3. Change the key password (if the store is not empty):

      keytool -keypasswd -alias <alias> -keypass <currentPass> -new <newPass> -keystore C:\UCMDB\UCMDBServer\conf\security\server.keystore

    4. Enter the new password.

  5. Start the UCMDB Server.
  6. Repeat the procedure for the Server truststore.