It is recommended that you change the default key and password in ASE. Following is a list of commands to change the default values:
Change ase_master.key
Run the following command to create your own ASE master key to obfuscate keys and password in ASE.
Command:
generate_obfkey
. ASE must be stopped before creating a
new ase_master.key
/opt/pingidentity/ase/bin/cli.sh generate_obfkey -u admin -p admin
API Security Enforcer is running. Please stop ASE before generating new obfuscation master key
Stop ASE: Stop ASE by running the following
command:
/opt/pingidentity/ase/bin/stop.sh -u admin –p admin
checking API Security Enforcer status…sending stop request to ASE. please wait…
API Security Enforcer stopped
Change ase_master.key: Enter the
generate_obfkey
command to
change the default ASE master
key:/opt/pingidentity/ase/bin/cli.sh -u admin -p admin generate_obfkey
Please take a backup of config/ase_master.key, config/ase.conf,
config/abs.conf, config/cluster.conf before proceeding
Warning: Once you create a new obfuscation master key, you should
obfuscate all config keys also using cli.sh obfuscate_keys
Warning: Obfuscation master key file /opt/pingidentity/ase/config/ase_master.key already exist.
This command will delete it create a new key in the same file
Do you want to proceed [y/n]:
Start ASE: After a new ASE master key is generated, start ASE by entering the
following
command:
/opt/pingidentity/ase/bin/start.sh
Starting API Security Enforcer 4.0...
please see /opt/pingidentity/ase/logs/controller.log for more details
Change keystore password
You can change the keystore password by entering the following command. The default
password is asekeystore
. ASE must be running for updating the
keystore password.
Command:
update_keystore_password
/opt/pingidentity/ase/bin/cli.sh update_keystore_password -u admin -p admin
New password >
New password again >
keystore password updated
Change admin password
You can change the default admin password by entering the following
command:
/opt/pingidentity/ase/bin/cli.sh update_password -u admin -p
Old password >
New password >
New password again >
Password updated successfully