Highlighted
Absent Member.. Absent Member..
Absent Member..
1863 views

Reset the Server Keystore Password outside of JMX Console

Jump to solution

Hello Experts,

 

I have a customer who accidently placed in the incorrect password when attempting to change keystore passwords. UCMDB cannot start and we cannot get to the JMX to change the password.

 

I've attempted to use the setting overrides jetty.password.ssl in the settings.override config file (as it's the Jetty server that cannot start up due to password mismatch between server and DB). Unfortunately this did not work. What is the proper command to override the UCMDB service's JMX keystore password, if anything?

 

The UCMDB hardening guide has stated that changing the password in the JMX will change the keystore password stored on the database. Will a database restoration allow CMDB to revert the default password? Where is the JMX keystore password stored in the UCMDB database?

 

While this is all happening a non-production instance, the customer would like to avoid reinstalling the product as there are a number of customizations they would like to retain.

-----
Christian Lacsina, Engineer
Effectual Systems Group, Inc.
http://www.effectualsystems.com/
Tags (1)
0 Likes
1 Solution

Accepted Solutions
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: Reset the Server Keystore Password outside of JMX Console

Jump to solution
This issue was resolved shortly after my post by inserting the keystore file which used the password matching the JMX entry.

However, I would like to let everybody know that attempting to change the keystore password will not work, even by using Keytool. The password entered into the JMX must not only match the keystore file's password, but that password must be the password set when the keystore was generated. Attempting to chnage the password with keytool may not work.
-----
Christian Lacsina, Engineer
Effectual Systems Group, Inc.
http://www.effectualsystems.com/

View solution in original post

0 Likes
2 Replies
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: Reset the Server Keystore Password outside of JMX Console

Jump to solution
This issue was resolved shortly after my post by inserting the keystore file which used the password matching the JMX entry.

However, I would like to let everybody know that attempting to change the keystore password will not work, even by using Keytool. The password entered into the JMX must not only match the keystore file's password, but that password must be the password set when the keystore was generated. Attempting to chnage the password with keytool may not work.
-----
Christian Lacsina, Engineer
Effectual Systems Group, Inc.
http://www.effectualsystems.com/

View solution in original post

0 Likes
Highlighted
Honored Contributor.
Honored Contributor.

Re: Reset the Server Keystore Password outside of JMX Consol

Jump to solution

HI 

I make some changes on my environment and now i getting the Keystore was tampered with, or password was incorrect, as error. I tried to revert backthe snapshot that i created but unfortuantely after reverting back the snapshot i am getting the same error just after the reverting back. Now it is not providing me the UI. Could you please help me on this.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.