Update default key store passwords using scripting
Use the Jython or Jacl scripting language to change the default key store passwords. A key store file is created with a default password when you install the appserver. Change this password to protect your security configuration. Before starting this task, the wsadmin tool must be running. See the Start the wsadmin scripting client article for more information.
Overview
When you install the appserver, each server creates a key store and trust store for the default SSL configuration with the default password WebAS. To protect the security of the key store files and the SSL configuration, change the password. The following examples update the default password:
Procedure
- Change multiple key stores passwords. The changeMultipleKeyStorePasswords command updates all of the key stores that have the same password. For example:
Use Jacl:
$AdminTask changeMultipleKeyStorePasswords {-keyStorePassword WebAS -newKeyStorePassword secretPwd -newKeyStorePasswordVerify secretPwd}
- Use Jython:
AdminTask.changeMultipleKeyStorePasswords ['(-keyStorePassword WebAS -newKeyStorePassword secretPwd -newKeyStorePasswordVerify secretPwd]')
Change the password of a single key store. The changeKeyStorePassword command updates the password of an individual key store. For example:
Use Jacl:
$AdminTask changeKeyStorePassword {-keyStoreName testKS -keyStoreScope (cell):localhost:(server):server1 -keyStorePassword WebAS -newKeyStorePassword secretPwd -newKeyStorePasswordVerify secretPwd}
Use Jython: AdminTask.changeKeyStorePassword ('[-keyStoreName testKS -keyStoreScope (cell):localhost:(server):server1 -keyStorePassword WebAS -newKeyStorePassword secretPwd -newKeyStorePasswordVerify secretPwd]')
Commands for the AdminTask object
SpnegoTAICommands group for the AdminTask object