Build Forge configurations must be changed to use a changed
keystore password.
Before you begin
Prerequisite:
- The Build Forge engine has not been started since you turned off
SSL, stopped the Build Forge engine, and modified the keystore passwords.
About this task
The Apache Tomcat application server contains keystore
passwords in the server.xml configuration file. They
are stored as clear text. Apache Tomcat does not support encoded or
encrypted passwords in this setting. In this procedure you modify server.xml and
security properties in the Build Forge console.
Procedure
- Enter the new password in the Tomcat configuration. Edit <bfinstall>/Apache/tomcat/conf/server.xml.
The Connector statement for SSL is located just under the comment <!–
Define a SSL HTTP/1.1 Connector on port 8443 -- >.
<Connector port="8443" maxHttpHeaderSize="8192" algorithm="IbmX509"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\Program Files\IBM\Build Forge\keystore\buildForgeTrustStore.p12"
keystorePass="newpassword"
keystoreType="PKCS12"
truststoreFile="C:\Program Files\IBM\Build Forge\keystore\buildForgeTrustStore.p12"
truststorePass="newpassword"
truststoreType="PKCS12"/>
- Start Build Forge.
- Log in to the console. Use root or a login
that has the Security access role.
- Enter the new password for the keystores. In , edit these entries
to use newpassword in the Password property.
- Default JSSE Key Store
- Default JSSE Trust Store
- Default OpenSSL Key Store
- Enable SSL.
- In the console, go to .
- Set SSL Enabled to Yes.
- Click Save.
- Export the change to BFClient.conf. Click Update Master BFClient.conf.
- Start the Build Forge engine.