Change default settings
It is recommended that you change the default key and password in ABS. Following is a list of commands to change the default values:
Change default JKS password
You can change the default password for KeyStore and the key. Complete the following steps to change the default passwords. Make sure that ABS is stopped before changing the JKS password.
-
Change the KeyStore password: Enter the following command to change the KeyStore password. The default KeyStore password is
abs123.# keytool -storepasswd -keystore config/ssl/abs.jks Enter keystore password: abs123 New keystore password: newjkspassword Re-enter new keystore password: newjkspassword
-
Change the key password: Enter the following command to change the key password. The default key password is
abs123# keytool -keypasswd -alias pingidentity -keypass abs123 -new newjkspassword -keystore config/ssl/abs.jks Enter keystore password: newjkspassword
Start ABS after you have changed the default passwords.
Change abs_master.key
Run the following command to create your own ABS master key to obfuscate keys and password in ABS.
Command: generate_obfkey. ABS must be stopped before creating a new abs_master.key
Stop ABS: If ABS is running, then stop ABS before generating a new ABS master key. Enter the following command to stop ABS:
# /opt/pingidentity/abs/bin/stop.sh checking API Behavioral Security status sending shutdown signal to ABS, please wait... API Behavioral Security stopped
Change abs_master.key: Enter the generate_obfkey command to change the default ABS master key:
/opt/pingidentity/abs/bin/cli.sh generate_obfkey -u admin -p admin Please take a backup of config/abs_master.key before proceeding. Warning: Once you create a new obfuscation master key, you should obfuscate all config keys also using cli.sh -obfuscate_keys Warning: Obfuscation master key file /pingidentity/abs/config/abs_master.key already exists. This command will delete it and create a new key in the same file Do you want to proceed [y/n]: y Creating new obfuscation master key Success: created new obfuscation master key at /pingidentity/abs/config/abs_master.key
Change admin password
You can change the default admin password by entering the following command:
/opt/pingidentity/abs/bin/cli.sh update_password -u admin -p admin New Password> Reenter New Password> Success. Password updated for CLI
Change default access and secret key in MongoDB
To change the default access and secret key, stop the ABS nodes and complete the following steps:
-
Connect to MongoDB by entering the following command:
mongo --host <mongo-host> --port <mongo-port> --authenticationDatabase admin -u absuser -p abs123
absuser and abs123 is the default user name and password for MongoDB.
-
On the MongoDB prompt, run the following command:
use abs_metadata db.auth_info.updateOne( { access_key: "<new-access-key>", secret_key: "<new-secret-key>"} )Start the ABS nodes after you have changed the default access and secret key.