Skip to main content

Changing keystore and key passwords

To change the service keystore password, set the entry org.apache.wss4j.crypto.merlin.keystore.password in the etc/keystores/serviceKeystore.properties to the password of your servicestore.jks keystore.

To change the service key password, edit the following configurations where the service key is used for signature:
etc/org.talend.esb.auxiliary.storage.service.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/serviceKeystore.properties
etc/org.talend.esb.job.service.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/serviceKeystore.properties
etc/org.talend.esb.registry.service.admin.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/serviceKeystore.properties
etc/org.talend.esb.registry.service.lookup.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/serviceKeystore.properties
etc/org.talend.esb.sam.service.rest.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/serviceKeystore.properties
etc/org.talend.esb.sam.service.soap.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/serviceKeystore.properties

In addition to the keystore properties file reference, the following related properties are defined:

security.signature.username = myservicekey
security.signature.password = skpass

Where the service keystore is used, the key alias (the username property) and the key password (the password property) must match the corresponding parameters of the key.

To change the client keystore password, set the entry org.apache.wss4j.crypto.merlin.keystore.password the in etc/keystores/clientKeystore.properties to the password of your clientstore.jks keystore.

To change the client key password, edit the following configurations where the client key is used for signature or SAML token requests:
org.talend.esb.job.client.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/clientKeystore.properties
org.talend.esb.sam.agent.cfg:security.signature.properties = file:${tesb.home}/etc/keystores/clientKeystore.properties

In addition to the keystore properties file reference, the following related properties are defined:

security.signature.username = myclientkey
security.signature.password = ckpass
Furthermore, some configurations use the client key as identity for token requests at STS:
org.talend.esb.auxiliary.storage.client.rest.cfg:security.sts.token.properties = clientKeystore.properties
org.talend.esb.job.client.sts.cfg:security.sts.token.properties = file:${tesb.home}/etc/keystores/clientKeystore.properties
org.talend.esb.registry.client.policy.cfg:security.sts.token.properties = clientKeystore.properties
org.talend.esb.registry.client.wsdl.cfg:security.sts.token.properties = clientKeystore.properties
org.talend.esb.sam.agent.cfg:security.sts.token.properties = file:${tesb.home}/etc/keystores/clientKeystore.properties

In addition to the keystore properties file reference, they define the following related properties:

security.sts.token.username = myclientkey

Where the client keystore is used, the key alias (the username property) and the key password (the password property) must match the corresponding parameters of the key.

To change the STS keystore password, set the entry org.apache.wss4j.crypto.merlin.keystore.password in the etc/keystores/stsKeystore.properties to the password of your sts.jks keystore.

For the STS key, the key alias mystskey and the key password stskpass cannot be changed because separate key passwords will disappear anyway in the future as they are specific to the proprietary Java keystore format.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here