红帽全球峰会此内容没有您所选择的语言版本。
16.3. Encrypt the key store password
password_tool. This tool will encrypt and store your key store password. Your key store password will then be available to the JBoss Password Tool for masking passwords, and to the JBoss Application Server for decrypting them at run time.
Procedure 16.3. Encrypt the key store password
- At the command line, change to the
jboss-as/bindirectory. - Run the password tool, using the command
./password_tool.shfor Unix-based systems, orpassword_tool.batfor Windows-based systems.Result:The JBoss Password Tool will start, and will report '
Keystore is null. Please specify keystore below:'. - Select '
0: Encrypt Keystore Password' by pressing 0, then Enter.Result:The password tool responds with '
Enter keystore password'. - Enter the key store password you specified in Procedure 16.2, “Generate a key pair and key store for password masking”.Result:
The password tool responds with '
Enter Salt (String should be at least 8 characters)'. - Enter a random string of characters to aid with encryption strength.Result:
The password tool responds with '
Enter Iterator Count (integer value)'. - Enter a whole number to aid with encryption strength.Result:
The password tool responds with: '
Keystore Password encrypted into password/jboss_keystore_pass.dat'. - Select '
5:Exit' to exit.Result:The password tool will exit with the message: '
Keystore is null. Cannot store.'. This is normal. - Optional:
Make the resulting file
password/jboss_keystore_pass.datreadable by the JBoss Application Server process owner only.On Unix-based systems this is accomplished by using thechowncommand to change ownership to the JBoss Application Server process owner, andchmod 600 jboss-keystore_pass.datto make the file readable only by the owner.This step is recommended to increase the security of your server. Be aware that if this encrypted key is compromised, the security offered by password masking is significantly reduced. This file should be stored on a secure file system.Note: the JBoss Application Server process owner should not have interactive console login access. In this case you will be performing these operations as another user. Creating masked passwords requires read access to the key store, so you may wish to complete configuration of masked passwords before restricting the key store file permissions.
You should only perform this key store password encryption procedure once. If you make a mistake entering the keystore password, or you change the key store at a later date, you should delete the jboss-keystore_pass.dat file and repeat the procedure. Be aware that if you change the key store any masked passwords that were previously generated will no longer function.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}