You can set a password to protect keystores and private keys that are stored on the Management and Security Server. The password set here protects the keystores in the MSSData/trustedcerts folder, which includes:
the Management and Security Server certificate and private key
the client certificate and private key
the imported certificates on the Terminal Emulator Client trusted certificate list, which are listed on thepanel
For details about the trustedcerts keystores and other credential stores in MSS, see the Technical Reference, Credential stores used in Management and Security Server.
To change the password for this keystore, enter the existing password and the new password. Click. If a keystore password has not been previously set, leave the field blank.
NOTE:This password does not protect:
the trusted certificates from certificate authorities (CA) for the Terminal Emulator Client that are listed in the Trusted Root Certificate Authorities table on the panel.
the Management and Security Server Trusted Certificate list.
To change the password that protects these certificates, see Keystore Password for the Trusted Certificates List.
The Administrative Server uses the JVM (java virtual machine) default password, changeit, to protect the Administrative Server's trusted certificate list. The keystore for the Administrative Server trusted certificate list is stored within the java.home directory for the JVM that is installed with the Administrative Server.
The default location on a Windows platform is C:\Program Files\Micro Focus\MSS\jre\jre\lib\security. The keystore is stored in the cacerts file.
To change the password that protects the Administrative Server's trusted certificate list:
Open a C:\Program Files\Micro Focus\MSS\jre\jre\lib\security. The cacerts file is in this directory.. Change to the installation directory. On a Windows platform using the default installation, change to
Enter the following command:
..\..\keytool.exe -storepasswd -v -new new_pass -keystore cacerts
Where new_pass is your new password, and cacerts is the file in which the keystore is stored.
In the changeit, and press .prompt, type the current password, which by default is
The new password is saved to cacerts.
Use your new password (new_pass in this example) to import an untrusted certificate when configuring LDAP or to view and modify trusted certificates on the panel.