The Message Queue SSL keystore stores the server certificates that the Message Queue uses for SSL communication. When you change the password for the Message Queue SSL keystore, you update the public/private key pair that signs the server certificates.
You may need to regularly change the password for the Message Queue SSL keystore to comply with your organization's security and password policies.
Before you change the password for the Message Queue SSL keystore, note the following:
ACServer/MessageQueue/conf/keystore.p12
Important! If you have more than one Distribution Server in your enterprise, first change the password on the Distribution Server installed on the Enterprise Management Server, then change the password on the other Distribution Servers in your enterprise. The Message Queue is part of the Distribution Server.
To change the password for the Message Queue SSL keystore
JDK/bin
keytool -genkey -keyalg RSA -keysize 1024 -keystore "keystore.p12" -storetype PKCS12 -dname "cn=acmq" -alias acmq -storepass "password" -keypass "password"
Specifies that the command creates a key pair (public and private keys).
Specifies to use the RSA algorithm to generate the key pair.
Specifies that the size of the generated key is 1024 bits.
Specifies that the generated key is in the PKCS12 file format.
Specifies that X.500 distinguished name for the generated certificate is acmq. This name is used in the issuer and subject fields of the certificate.
Specifies to update the keystore entry names acmq.
Specifies the password that protects the Message Queue SSL keystore. The password must be identical to the password that you specify for the -keypass parameter.
Specifies the password that protects the private key of the new key pair. The password must be identical to the password that you specify for the -storepass parameter.
The keytool utility changes the password for the Message Queue SSL keystore.
DistServer/MessageQueue/tibco/bin/ems
tibemsadmin -mangle password
The password for the SSL keystore is encrypted.
The Message Queue uses the localhost as the URL.You can modify the URL to use the fully qualified distinguished name (FQDN) of the host by modifying the tibco-jms-ds.xml file.
The URL information is stored in the Message Queue in the following XML file, where JBoss_HOME is the directory where you installed JBoss:
JBoss_home/server/default/deploy/jms/tibco-jms-ds.xml
Follow these steps:
JBoss_home\server\default\deploy\jms
HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\Common\commmunication
The default value is ssl://localhost:7243.
The CA ControlMinder Message Queue URL is changed.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|