To share applications with secured properties among several IBM® UrbanCode Deploy servers,
exchange keys from each server's encryption.keystore.
About this task
To share applications with secured properties, export the server's key then import it into
each target server. This process enables applications from the exporting server to be used by the
importing servers. Repeat the exporting process for each server with applications you want to
share.
Procedure
- Open a shell and navigate to the conf directory for one of the servers,
which is referred to as Server A for clarity.
- Because the name used for the imported key must match the name of the exported key, run the
following command to list the alias for the Server A key:
keytool -list -keystore -storetype
For
example:keytool -v -list -keystore /opt/udeploy/server/conf/encryption.keystore -storetype jceks
-keystore must resolve to Server A's
encryption.keystore. -storetype must be
jceks.
- Export the file by running the following command:
keytool -importkeystore -deststorepass -destkeystore -deststoretype
jceks -srckeystore -srcstoretype jceks -srcstorepass -alias
For
example:keytool -importkeystore -deststorepass changeit -destkeystore dev-instance.keystore -deststoretype
jceks -srckeystore /opt/udeploy/server/conf/encryption.keystore -srcstoretype
jceks -srcstorepass changeit -alias desedekeyj48p
-alias must correspond to the alias returned by the keytool -list
command.
- Move the exported.keystore to Server B's /conf
directory.
- Import the file into the Server B keystore by running the following command:
keytool -importkeystore -deststorepass -destkeystore -deststoretype
jceks -srckeystore -srcstoretype jceks -srcstorepass -destalias -srcalias
For
example:keytool -importkeystore -deststorepass changeit -destkeystore
/opt/udeploy/server/conf/encryption.keystore -deststoretype jceks -srckeystore
import/dev-instance.keystore -srcstoretype jceks -srcstorepass changeit -destalias
desedekeyj48p -srcalias desedekeyj48p
Both -destalias and -destalias must correspond to the alias
returned by the keytool -list command.
- Optional. If you intend to import Server B's applications into Server A, repeat the process in
reverse, using Server B's alias in this instance.