It is recommended that you change the default key and password in ASE. Following is a list of commands to change the default values:
Change ase_master.key
Run the following command to create your own ASE master key to obfuscate keys and password in ASE.
generate_obfkey
. ASE must be stopped before creating
a new
ase_master.key
/opt/pingidentity/ase/bin/cli.sh admin generate_obfkey -u admin -p admin
API Security Enforcer is running. Please stop ASE before generating new obfuscation master key
/opt/pingidentity/ase/bin/stop.sh -u admin –p admin
checking API Security Enforcer status…sending stop request to ASE. please wait…
API Security Enforcer stopped
generate_obfkey
command to
change the default ASE master
key:/opt/pingidentity/ase/bin/cli.sh -u admin -p admin generate_obfkey
Please take a backup of config/ase_master.key, config/ase.conf,
config/abs.conf, config/cluster.conf before proceeding
Warning: Once you create a new obfuscation master key, you should
obfuscate all config keys also using cli.sh obfuscate_keys
Warning: Obfuscation master key file /opt/pingidentity/ase/config/ase_master.key already exist.
This command will delete it create a new key in the same file
Do you want to proceed [y/n]:
After you change the ase_master.key
, you need to obfuscate all keys and
passwords with the new ase_master.key
. Enter the keys and passwords in
ase.conf
, abs.conf
, and
cluster.conf
in plain text and run the obfuscation commands. For
more information on obfuscation, see Obfuscate keys and passwords.
/opt/pingidentity/ase/bin/start.sh
Starting API Security Enforcer 4.1...
please see /opt/pingidentity/ase/logs/controller.log for more details
Change keystore password
You can change the keystore password by entering the following command. The default
password is asekeystore
. ASE must be running for updating the
keystore password.
update_keystore_password
/opt/pingidentity/ase/bin/cli.sh update_keystore_password -u admin -p admin
New password >
New password again >
keystore password updated
Change admin password
/opt/pingidentity/ase/bin/cli.sh update_password -u admin
Old password >
New password >
New password again >
Password updated successfully
Any change in the ASE admin password must be updated in the PingIntelliegence for APIs Dashboard. Add the new password to <pi_install_dir>/webgui/config/webgui.properties and obfuscate it.