Black Box ET0010A User Manual

Using Enhanced Security Features

268

EncrypTight User Guide

Changing the Password Used in the ETKMS Properties File

The ETKMS properties file includes an entry for the keystore password that the ETKMS software uses
for functions that access the keystore.

To change the password listed in the ETKMS properties file:
1 Use a text editor to edit the file

/opt/etkms/conf/kdist.properties

2 Find the section labelled

“Certificate configuration”

and enter the new password for the

keystorePassword

entry.

For example:

# Certificate configuration
keystore=etkms.keystore
keystorePassword=myPassword

NOTE

If you change the password stored in the ETKMS properties file, you must also change the password for
the keystore that is used by the keytool utility. If the keystore password and the password stored in the
ETKMS properties file do not match, errors will be logged and the ETKMS will be unable to generate and
renew encryption keys. For instructions on changing the password used by keytool, see

“Change the

Password Used by Keytool” on page 267

Restart the ETKMS Service

To start the ETKMS service:
1 Open an SSH session and log into the ETKMS.
2 At the command line, enter

service etkms start

Changing the Keystore Password on a ETKMS with an HSM

The HSM uses two passwords, one for the Security Officer role, and one for a User role. On the ETKMS,
these are set to the same value. In order to change the password, you must use the

HSMPwdChg.sh

script.

To change the HSM password:
1 Switch to the

/opt/etkms/bin

directory by typing:

cd /opt/etkms/bin

2 Type:

/HSMPwdChg.sh

This will print out the value of the current password, based on the contents of the

coLicense.properties

file. Make note of this value. You will need to provide it when you change

the passwords.

3 Using a text editor, open the

coLicense.properties

file and change the current value of

etkmsLicense

property.

4 Obtain the new password by typing: