User self-service requires a key pair for encryption and a signing secret key to be available in the AM keystore before configuring any of its features. Reenter new password: Enter the password in the. (RETURN if same as keystore password): Enter the password in the. keystore am_keystore.jceks Enter keystore password: Enter the password in the. Note than in production environments you should use the strongest algorithm you can use. This example creates a self-signed key alias in the AM keystore, am_keystore.jceks, with a new asymmetric RSA key alias called mynewkey. When you create or import a new key, the keytool command adds the new alias to the specified keystore if it exists, or creates a new keystore if it does not exist. For example, the AM keystore:Ĭhange directories to the keystore location, for example, /path/to/openam/security/keystores/.Īcquire a new key from your certificate authority, or generate a new self-signed key. Perform the following steps to create new key aliases in an existing keystore. To Create Key Aliases in an Existing Keystore $ echo -n bmV3a2V5cGFzc3dvcmQ= > keystoreA_keypass The files will contain the passwords encoded expected by the file system secret volume store.įor example, if you chose Base64 encoded as the encoding, you must base64-encode the passwords, and then add them to their respective files.įor example: $ echo -n bmV3c3RvcmVwYXNzd29yZA= > keystoreA_storepass Since you can encode the content of the files using different modes, we recommend that you create a directory for each encode mode you plan to use, at least.Ĭreate two files, one for the keystore password, and another for the password of the keys inside the keystore. For example, /path/to/openam/security/secrets/mydir. Go to the directory that the filesystem volume secret store will point to. You need to make them available within another secret store for example, by using a file system volume secret store, as shown below: (RETURN if same as keystore password): Reenter new password: keystore keystoreA.jceks Enter keystore password: Reenter new password: Enter key password for Note than in production environments you should use the strongest algorithm you can. This example creates a self-signed key alias in a new keystore file, keystoreA.jceks, with a new asymmetric RSA key alias, newkey. To create a new AM keystore, see "Managing the AM Keystore" instead.Īcquire a new key from your certificate authority and add it to a new keystore, or generate a new self-signed key in a new keystore. To Create a Keystore and Key Aliases for Keystore Secret Stores
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |