For security reasons, you should change the default master key and passwords in API Behavioral Security (ABS).
Note:
Make sure that ABS is stopped before changing the keystore password.
To change the default values:
-
To change the keystore password, enter the following command.
The default Java KeyStore (JKS) password is
abs123
.# keytool -storepasswd -keystore config/ssl/abs.jks Enter keystore password: abs123 New keystore password: newjkspassword Re-enter new keystore password: newjkspassword
-
To change the key password, enter the following command.
The default key password is
abs123
.# keytool -keypasswd -alias pingidentity -keypass abs123 -new newjkspassword -keystore config/ssl/abs.jks Enter keystore password: newjkspassword
Note:Start ABS after you have changed the default passwords.
-
Before creating a new abs_master.key, stop ABS by running the
stop.sh command.
# /opt/pingidentity/abs/bin/stop.sh checking API Behavioral Security status sending shutdown signal to ABS, please wait... API Behavioral Security stopped
-
To create your own abs_master.key to obfuscate keys and
passwords in ABS, run the generate_obfkey command.
/opt/pingidentity/abs/bin/cli.sh generate_obfkey -u admin -p admin Please take a backup of config/abs_master.key before proceeding. Warning: Once you create a new obfuscation master key, you should obfuscate all config keys also using cli.sh -obfuscate_keys Warning: Obfuscation master key file /pingidentity/abs/config/abs_master.key already exists. This command will delete it and create a new key in the same file Do you want to proceed [y/n]: y Creating new obfuscation master key Success: created new obfuscation master key at /pingidentity/abs/config/abs_master.key
- To change the default admin password, run the update_password command.
/opt/pingidentity/abs/bin/cli.sh update_password -u admin -p admin New Password> Reenter New Password> Success. Password updated for CLI
- To change the default access and secret key in MongoDB, stop the ABS nodes and complete the
following:
-
Connect to MongoDB by entering the following command.
absuser
andabs123
are the default username and password for MongoDB.mongo --host<mongo-host>--port <mongo-port>--authenticationDatabase admin -u absuser -p abs123
-
On the MongoDB prompt, run the following command:
use abs_metadata db.auth_info.updateOne( { access_key: "<new-access-key>", secret_key: "<new-secret-key>"} )
- Start the ABS nodes after you have changed the default access and secret key.
-
Connect to MongoDB by entering the following command.