Modifying the keystore passwords

About this task

Build Forge has three default keystores that are password-protected, all installed on the host where you installed the Build Forge engine, in <bfinstall>/keystore:

The tools are included with Build Forge software.

Note: Line breaks are used for clarity in the example commands. Do not use them in the command. Enter it as one string or use the line-continuation character (^ for Windows, \ for UNIX or Linux).
Important: The same password is used for all keystores. It is shown as newpassword in the examples.

Procedure

  1. Log on to the host where the Build Forge engine is installed.
  2. Put the tool directories on your PATH.
    • <bfinstall>/openssl
    • <bfinstall>/ibmjdk/bin
  3. Disable SSL. In the console, go to Administration > Security. Set SSL Enabled to No.
  4. Click Save.
  5. Click Update Master BFClient.conf.
  6. Stop the Build Forge engine.
  7. Back up the existing key stores. Copy the existing Build Forge keystores to a temporary directory. If the modified files get corrupted, you can use the backed up keystores.
  8. Modify buildForgeKey.pem. In the directory <bfinstall>/keystore, run this command:
    openssl rsa 
    -in buildForgeKey.pem 
    -passin pass:oldpassword 
    -out buildForgeKey.pem 
    -passout pass:newpassword -aes128
  9. Modify buildForgeKeyStore.p12. In the directory <bfinstall>/keystore, run this command:
    keytool -storepasswd -all
    -new newpassword
    -keystore buildForgeKeyStore.p12
    -storepass oldpassword
    -storetype pkcs12
  10. Modify buildForgeTrustStore.p12. In the directory <bfinstall>/keystore, run this command:
    keytool -storepasswd -all
    -new newpassword
    -keystore buildForgeTrustStore.p12
    -storepass oldpassword
    -storetype pkcs12

Results

After the passwords are changed, you need to modify the Build Forge configuration to use the new passwords.

Feedback