Skip to content

Change keystore password

You can set a password to protect keystores and private keys that are stored on the Management and Security Server. The password set here protects the keystores in the MSSData/trustedcerts folder, which includes:

  • the Management and Security Server certificate and private key

  • the client certificate and private key

  • the imported certificates on the Terminal Emulator Client trusted certificate list, which are listed on the Configure Settings - Trusted Certificates panel

For details about the trustedcerts keystores and other credential stores in MSS, see the Technical Reference, Credential stores used in MSS.

To change the password for this keystore, enter the existing password and the new password. Click APPLY. If a keystore password has not been previously set, leave the Existing password field blank.

Note

This password does not protect:

  • the trusted certificates from certificate authorities (CA) for the Terminal Emulator Client that are listed in the Trusted Root Certificate Authorities table

  • the Management and Security Server Trusted Certificate list

To change the password that protects these certificates, see Keystore Password for the Trusted Certificates List.

Keystore Password for the Trusted Certificates List

The Administrative Server uses the JVM (java virtual machine) default password, changeit, to protect the Administrative Server's trusted certificate list. The keystore for the Administrative Server trusted certificate list is stored within the java.home directory for the JVM that is installed with the Administrative Server.

The default location on a Windows platform is C:\Program Files\Micro Focus\MSS\jre\lib\security. The keystore is stored in the cacerts file.

To change the password that protects the Administrative Server's trusted certificate list:

  1. Open a Command Prompt. Change to the installation directory. On a Windows platform using the default installation, change to C:\Program Files\Micro Focus\MSS\jre\lib\security. The cacerts file is in this directory.

  2. Enter the following command:

    ..\..\keytool.exe -storepasswd -v -new new_pass -keystore cacerts

    Where new_pass is your new password, and cacerts is the file in which the keystore is stored.

  3. In the Enter keystore password prompt, type the current password, which by default is changeit, and press Enter.

    The new password is saved to cacerts.

  4. Use your new password (new_pass in this example) to import an untrusted certificate when configuring LDAP or to view and modify trusted certificates on the Configure Settings - Trusted Certificates panel.