changing the master password
I need to encrypt the db credentials in glassfish. To do this I have used create-password-alias and this encrypts the db passwords just fine. My issue is that the encryption key for the db password is the glassfish master password. Keeping it at the default password is a security hole but if I change the master password I run into a problem.
I can start glassfish with the new master password but my secure port encounters an SSL error. My unsecure port is live just fine but none of my secured wsdls work. I found a solution which was to add the keystore password to the jvm-options in the domain.xml. But as far as I can see, the keystore has to be the same as the glassfish master password, if I change it, glassfish won't start. Does anyone know if this is true? Can the keystore password be different than the master password?
If not, is there a way to encrypt the password in the jvm-options? The domain.xml needs to be read available to developers. These are the jvm-options I had to add:
I have tried creating an alias password for these parameters but this did not work. Looks to me that a config service is used to kick off glassfish (with these jvm-options) but doesn't know how to use alias passwords.
The two options that I can see is either encrypting the password in the jvm-options or using a different keystore password than the master-password.