Create your own ASE master key to obfuscate keys and password in ASE.
ASE must be stopped before creating a new ase_master.key.
To create your own ASE master key:
-
Run the following command to create your own ASE master key to obfuscate keys
and password in ASE: generate_obfkey.
/opt/pingidentity/ase/bin/cli.sh generate_obfkey -u admin -p admin API Security Enforcer is running. Please stop ASE before generating new obfuscation master key -
Stop ASE by running the following command:
/opt/pingidentity/ase/bin/stop.sh -u admin –p admin checking API Security Enforcer status…sending stop request to ASE. please wait… API Security Enforcer stopped -
Enter the generate_obfkey command to change the default ASE
master key:
/opt/pingidentity/ase/bin/cli.sh -u admin -p admin generate_obfkey Please take a backup of config/ase_master.key, config/ase.conf, config/abs.conf, config/cluster.conf before proceeding Warning: Once you create a new obfuscation master key, you should obfuscate all config keys also using cli.sh obfuscate_keys Warning: Obfuscation master key file /opt/pingidentity/ase/config/ase_master.key already exist. This command will delete it create a new key in the same file Do you want to proceed [y/n]: -
After a new ASE master key is generated, start ASE by entering the following
command:
/opt/pingidentity/ase/bin/start.sh Starting API Security Enforcer 4.0... please see /opt/pingidentity/ase/logs/controller.log for more details