0002568: Protect keystore password

JumpMind · Apr 19, 2016 · ad47f6a · ad47f6a
1 parent 95e75e5
commit ad47f6a
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/symmetric-assemble/src/asciidoc/advanced-topics.ad b/symmetric-assemble/src/asciidoc/advanced-topics.ad
@@ -291,6 +291,28 @@ keytool -keystore cacerts -import -alias sym -file sym.cer
 * Copy the cacerts file that is generated by this process to
 the `security` directory of each client's SymmetricDS installation.
 
+==== Changing Keystore Password
+
+The keystore and each key entry is protected with a password that defaults to "changeit".  To change the password, use the following steps:
+
+* Open a command prompt and navigate to the `security` subdirectory of your SymmetricDS installation.
+
+* Use the keytool command to enter the old and new password for the keystore and each key entry.
+
+[source, cli]
+----
+keytool -keystore keystore -storetype jceks -storepasswd
+keytool -keystore keystore -storetype jceks -alias sym -keypasswd
+keytool -keystore keystore -storetype jceks -alias sym.secret -keypasswd
+----
+
+* Edit `bin/setenv` (or `bin\setenv.bat` on Windows) and `conf/sym_service.conf` files to find a similar line as below to change the password. 
+
+[source, cli]
+----
+-Djavax.net.ssl.keyStorePassword=changeit
+----
+
 === Java Management Extensions
 
 Monitoring and administrative operations can be performed using Java Management Extensions (JMX).

diff --git a/symmetric-server/src/main/deploy/bin/setenv b/symmetric-server/src/main/deploy/bin/setenv
@@ -31,6 +31,7 @@ SYM_OPTIONS="-Dfile.encoding=utf-8 \
 -Dorg.eclipse.jetty.server.Request.maxFormKeys=100000 \
 -Dsym.keystore.file=$SYM_HOME/security/keystore \
 -Djavax.net.ssl.trustStore=$SYM_HOME/security/cacerts \
+-Djavax.net.ssl.keyStorePassword=changeit \
 -Dlog4j.configuration=file:$SYM_HOME/conf/log4j.xml \
 -Dsun.net.client.defaultReadTimeout=1800000 \
 -Dsun.net.client.defaultConnectTimeout=1800000 \

diff --git a/symmetric-server/src/main/deploy/bin/setenv.bat b/symmetric-server/src/main/deploy/bin/setenv.bat
@@ -32,6 +32,7 @@ set SYM_OPTIONS=-Dfile.encoding=utf-8 ^
 -Dorg.eclipse.jetty.server.Request.maxFormKeys=100000 ^
 -Dsym.keystore.file="%SYM_HOME%\security\keystore" ^
 -Djavax.net.ssl.trustStore="%SYM_HOME%\security\cacerts" ^
+-Djavax.net.ssl.keyStorePassword=changeit ^
 -Dlog4j.configuration="file:%SYM_HOME%\conf\log4j.xml" ^
 -Dsun.net.client.defaultReadTimeout=1800000 ^
 -Dsun.net.client.defaultConnectTimeout=1800000 ^