Changing the Default Keystore Password

To change the default keystore password for a VM Access Proxy:

  1. Open a console connection to the VM Access Proxy server.
  2. Run the following command to change the password on the Tomcat key:

    keytool -keypasswd -alias tomcat -keystore keystore -storepass <old_keystore_password>

  3. Run the following command to change the keystore's password:

    keytool -storepasswd -keystore keystore -storepass <old_keystore_password>

  4. In the /var/data/conf folder, open the file nano server.xml for editing.
  5. In the Connector section, locate the Connector element that contains the keystoreFile attribute.
  6. Add the following line, with the appropriate keystore password:

    keystorePass=<new_keystore_password>

    For example:

    <!-- Define a SSL HTTP/1.1 Connector on port 443 -->

      <Connector SSLEnabled="true" clientAuth="false" keystoreFile="${catalina.home}/conf/keystore"

      keystorePass="changeit2"

      maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true"

      sslProtocol="TLS"

      sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"

      ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"

      />
  7. In the /var/data/conf folder, open the file config.properties for editing.
  8. Add the following line to the file:

    consoleproxy.keystore.password = <new_keystore_password>

  9. Run the following command to restart the Tomcat service:

    sudo service tomcat restart