Stores Used by the Session Server
Identity certificates
As a convenience, the identity certificates for each type of server are available at the following locations, outside of their respective keystores mentioned below.
-
HACloud session server certificate -
HACloud/sessionserver/etc/<computer-name>.cer
-
MSS certificate -
MSS/server/etc/<computer-name>.cer
Session server keystore and truststore
The keystore and truststore used by the session server are described in the table below.
-
Location:
HACloud/sessionserver/etc/
-
Type:
bcfks
(Bouncy Castle FIPS keystore) -
Default password:
changeit
Keystore | Function |
---|---|
keystore.bcfks |
|
truststore.bcfks |
|
Note
Trust for host emulation connections is managed by MSS. See Make a secure emulation connection to a trusted host
To change a keystore or truststore password
In HACloud/sessionserver/conf/container.properties
, update these settings:
-
server.ssl.key-store-password
-
server.ssl.trust-store-password
For security reasons it is best to use an obfuscated password. To generate one, run the following command from the HACloud/sessionserver directory:
../java/jre/bin/java -cp ./lib/jetty-util-<version>.jar org.eclipse.jetty.util.security.Password passwordToObfuscate