Use the esp_encrypt executable to encrypt the keystore password for the ESP Web Services Provider.
During installation, ESP encrypts the keystore password in esp_wsp.xml. Encrypt the keystore password only when you configure a new node or cluster (before you start it), or when you need to re-encrypt a password using a new key file.
- Shut down all nodes in the cluster.
- Use a text editor to open the ESP
Web Services Provider configuration file:
ESP_HOME/wsp/esp_wsp.xml
- Copy the keystore password. If the keystore password is not in the
configuration file, add the password parameter to the keystore
element and set it to "true".
In the following section of a sample cluster node configuration
file, the keystore password is "Pass1234".
    <Security>
      <Keystore>
        <Type>JKS</Type>
        <File>keystore.jks</File>
        <Password prompt="true">Pass1234</Password>
      </Keystore>
      <Cipher>
        <File>ESP_HOME/wsp/wsp.key</File>
      </Cipher>
    </Security>
- Note the value in the Cipher element. This is the cluster key
file required to encrypt passwords. If the Cipher element does
not exist:
  - Create a cluster key. From a command line, navigate to
  ESP_HOME/bin and launch the esp_encrypt executable using the
  --create-key option:
      esp_encrypt --create-key wsp.key
  The command writes a new key to the file wsp.key.
  - Add the Cipher element to <node-name>.xml using the format in step 3.
- From a command line, navigate to ESP_HOME/bin and launch the
esp_encrypt executable using the --encrypt
option:
esp_encrypt --encrypt <key-file> --text <text>
If you enter the --text value successfully, the
esp_encrypt executable writes the encrypted text to the
display.
- Copy and paste the encrypted text from the utility into the cluster
node configuration file you opened in step 2. Replace the
original password in the Password parameter for
the Keystore element with the encrypted text.
- Ensure that the encrypted attribute in the password parameter is
set to encrypted="true".
This attribute ensures that the server recognizes the password as encrypted text
and decrypts it at runtime. If the attribute is not set to true, the server does not
recognize the password as encrypted text and tries to process the password without
decrypting it, resulting in errors.
- Save and close the ESP Web Services
Provider configuration file.
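One way to check the edited Security section before restarting the nodes, as an added example that is not part of the original documentation or the product's tooling. It assumes the unnamespaced element names of the sample section shown earlier; audit_security, SAMPLE_AFTER and the placeholder password text are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample: the page's <Security> section after the procedure.
# The Password text is a placeholder, not real esp_encrypt output.
SAMPLE_AFTER = """<Security>
  <Keystore>
    <Type>JKS</Type>
    <File>keystore.jks</File>
    <Password encrypted="true">PLACEHOLDER_ENCRYPTED_TEXT</Password>
  </Keystore>
  <Cipher>
    <File>ESP_HOME/wsp/wsp.key</File>
  </Cipher>
</Security>"""

def audit_security(xml_text, esp_home=None):
    """Return a list of findings for a <Security> section; empty means it passed."""
    findings = []
    root = ET.fromstring(xml_text)
    sec = root if root.tag == "Security" else root.find(".//Security")
    if sec is None:
        return ["no Security element found"]
    pw = sec.find("Keystore/Password")
    if pw is None or not (pw.text or "").strip():
        findings.append("Keystore/Password is missing or empty")
    elif pw.get("encrypted") != "true":
        findings.append('Password lacks encrypted="true"; server will not decrypt it')
    key = sec.findtext("Cipher/File", default="").strip()
    if not key:
        findings.append("Cipher/File is missing; no key file is configured")
    elif esp_home:
        # Assumption: ESP_HOME in the path is a literal prefix to substitute.
        path = key.replace("ESP_HOME", esp_home, 1)
        if not os.path.isfile(path):
            findings.append(f"key file not found: {path}")
        elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"key file accessible by group/other: {path}")
    return findings

if __name__ == "__main__":
    for line in audit_security(SAMPLE_AFTER) or ["OK"]:
        print(line)
```

Pass the installation directory as esp_home to also check that the key file exists and is restricted to its owner. Because esp_encrypt takes the plaintext through --text on the command line, the password can remain in shell history after the procedure.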