Environment
Situation
Resolution
Making Changes to the Communication Layer (iSCALE)
Change the encryption method and the key using keymgr. The program generates a file in the lib directory of a Sentinel installation ($ESEC_HOME/lib or %ESEC_HOME%\lib) called .keystore. This file must be copied to each machine that has an e-Security component installed.
Best pratices recommends that the default security key be changed to provide unique encryption and authentication parameters.
Making key changes or enable other encryption methods
- For Solaris, login as esecadm. For Windows, login as a user with administrative rights.
- cd to:
For Windows:
%ESEC_HOME%\lib
For Solaris:
$ESEC_HOME/lib
- Run the following script:
java
–jar keymgr.jar --keyalgo
This will allow you to set your encryption method. A file called .keystore will be created in the lib directory.
NOTE: Another method of executing this command is:
java -cp keymgr.jar;bcprov-jdk14-118.jar
com.esecurity.system.KeyManager --keyalgo
4.Copy .keystore to each machine with a Sentinel component installed. The file should be copied to:
For Windows:
%ESEC_HOME%
For Solaris:
$ESEC_HOME
5.If the Sentinel environment is set for Windows Authentication, skip this step.
§On the machine where DAS is installed, cd to:
%ESEC_HOME%\sentinel\config
§run the following commands:
For Windows:
dbconfig.bat -a . -p
For Solaris:
dbconfig
-a . -p
§Restart all services for .keystore to be reloaded.
NOTE: For more information about the dbconfig command, go the Sentinel Reference User's Guide – Sentinel Data Access Service.