Changing default settings - PingIntelligence for APIs

Changing default settings - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

For security reasons, you should change the default master key and passwords in API Behavioral Security (ABS).

Note:

Make sure that ABS is stopped before changing the keystore password.

To change the default values:

To change the keystore password, enter the following command.

The default Java KeyStore (JKS) password is abs123.

# keytool -storepasswd -keystore config/ssl/abs.jks
Enter keystore password:  abs123
New keystore password: newjkspassword
Re-enter new keystore password: newjkspassword

To change the key password, enter the following command.
The default key password is abs123.
```
# keytool -keypasswd -alias pingidentity -keypass abs123 -new newjkspassword -keystore config/ssl/abs.jks
Enter keystore password: newjkspassword
```
Note:
Start ABS after you have changed the default passwords.

Before creating a new abs_master.key, stop ABS by running the stop.sh command.

# /opt/pingidentity/abs/bin/stop.sh
checking API Behavioral Security status
sending shutdown signal to ABS, please wait...
API Behavioral Security stopped

To create your own abs_master.key to obfuscate keys and passwords in ABS, run the generate_obfkey command.

/opt/pingidentity/abs/bin/cli.sh generate_obfkey -u admin -p admin
Please take a backup of config/abs_master.key before proceeding.
Warning: Once you create a new obfuscation master key, you should obfuscate all config keys also using cli.sh -obfuscate_keys
Warning: Obfuscation master key file
/pingidentity/abs/config/abs_master.key already exists. This command will delete it and create a new key in the same file
Do you want to proceed [y/n]: y
Creating new obfuscation master key
Success: created new obfuscation master key at /pingidentity/abs/config/abs_master.key

To change the default admin password, run the update_password command.

/opt/pingidentity/abs/bin/cli.sh update_password -u admin -p admin
New Password>
Reenter New Password>
Success. Password updated for CLI

To change the default access and secret key in MongoDB, stop the ABS nodes and complete the following:
1. Connect to MongoDB by entering the following command.
  absuser and abs123 are the default username and password for MongoDB.
```
mongo --host<mongo-host>--port <mongo-port>--authenticationDatabase admin -u absuser -p abs123
```
2. On the MongoDB prompt, run the following command:
```
use abs_metadata
db.auth_info.updateOne( { access_key: "<new-access-key>", secret_key: "<new-secret-key>"} )
```
3. Start the ABS nodes after you have changed the default access and secret key.