Change keystore password
You can set a password to protect keystores and private keys that are stored on the Management and Security Server. The password set here protects the keystores in the MSSData/trustedcerts
folder, which includes:
-
the Management and Security Server certificate and private key
-
the client certificate and private key
-
the imported certificates on the Terminal Emulator Client trusted certificate list, which are listed on the Configure Settings - Trusted Certificates panel
For details about the trustedcerts
keystores and other credential stores in MSS, see the Technical Reference, Credential stores used in MSS.
To change the password for this keystore, enter the existing password and the new password. Click APPLY. If a keystore password has not been previously set, leave the Existing password field blank.
Note
This password does not protect:
-
the trusted certificates from certificate authorities (CA) for the Terminal Emulator Client that are listed in the Trusted Root Certificate Authorities table
-
the Management and Security Server Trusted Certificate list
To change the password that protects these certificates, see Keystore Password for the Trusted Certificates List.
Keystore Password for the Trusted Certificates List
The Administrative Server uses the JVM (java virtual machine) default password, changeit
, to protect the Administrative Server's trusted certificate list. The keystore for the Administrative Server trusted certificate list is stored within the java.home
directory for the JVM that is installed with the Administrative Server.
The default location on a Windows platform is C:\Program Files\Micro Focus\MSS\jre\lib\security
. The keystore is stored in the cacerts
file.
To change the password that protects the Administrative Server's trusted certificate list:
-
Open a Command Prompt. Change to the installation directory. On a Windows platform using the default installation, change to
C:\Program Files\Micro Focus\MSS\jre\lib\security
. Thecacerts
file is in this directory. -
Enter the following command:
..\..\keytool.exe -storepasswd -v -new new_pass -keystore cacerts
Where
new_pass
is your new password, andcacerts
is the file in which the keystore is stored. -
In the Enter keystore password prompt, type the current password, which by default is
changeit
, and press Enter.The new password is saved to
cacerts
. -
Use your new password (
new_pass
in this example) to import an untrusted certificate when configuring LDAP or to view and modify trusted certificates on the Configure Settings - Trusted Certificates panel.