Change default settings
It is recommended that you change the default key and password in ASE. Following is a list of commands to change the default values:
Change ase_master.key
Run the following command to create your own ASE master key to obfuscate keys and password in ASE.
Command: generate_obfkey. ASE must be stopped before creating a new ase_master.key
/opt/pingidentity/ase/bin/cli.sh generate_obfkey -u admin -p admin API Security Enforcer is running. Please stop ASE before generating new obfuscation master key
Stop ASE: Stop ASE by running the following command:
/opt/pingidentity/ase/bin/stop.sh -u admin –p admin checking API Security Enforcer status…sending stop request to ASE. please wait… API Security Enforcer stopped
Change ase_master.key: Enter the generate_obfkey command to change the default ASE master key:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin generate_obfkey Please take a backup of config/ase_master.key, config/ase.conf, config/abs.conf, config/cluster.conf before proceeding Warning: Once you create a new obfuscation master key, you should obfuscate all config keys also using cli.sh obfuscate_keys Warning: Obfuscation master key file /opt/pingidentity/ase/config/ase_master.key already exist. This command will delete it create a new key in the same file Do you want to proceed [y/n]:
Start ASE: After a new ASE master key is generated, start ASE by entering the following command:
/opt/pingidentity/ase/bin/start.sh Starting API Security Enforcer 4.0... please see /opt/pingidentity/ase/logs/controller.log for more details
Change keystore password
You can change the keystore password by entering the following command. The default password is asekeystore. ASE must be running for updating the keystore password.
Command: update_keystore_password
/opt/pingidentity/ase/bin/cli.sh update_keystore_password -u admin -p admin New password > New password again > keystore password updated