changing the master password

ELFanatic
Joined: 2012-11-12

I need to encrypt the db credentials in glassfish. To do this I have used create-password-alias and this encrypts the db passwords just fine. My issue is that the encryption key for the db password is the glassfish master password. Keeping it at the default password is a security hole but if I change the master password I run into a problem.

I can start glassfish with the new master password but my secure port encounters an SSL error. My unsecure port is live just fine but none of my secured wsdls work. I found a solution which was to add the keystore password to the jvm-options in the domain.xml. But as far as I can see, the keystore has to be the same as the glassfish master password, if I change it, glassfish won't start. Does anyone know if this is true? Can the keystore password be different than the master password?

If not, is there a way to encrypt the password in the jvm-options? The domain.xml needs to be read available to developers. These are the jvm-options I had to add:
-Djavax.net.ssl.keyStorePassword=[new password]
-Djavax.net.ssl.trustStorePassword=[new password]

I have tried creating an alias password for these parameters but this did not work. Looks to me that a config service is used to kick off glassfish (with these jvm-options) but doesn't know how to use alias passwords.

The two options that I can see are either encrypting the password in the jvm-options or using a different keystore password than the master-password.
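An added example, not part of the original post and not GlassFish's own tooling: because domain.xml has to stay readable by developers, a check like the one below can flag jvm-options that carry a password as a literal value. The sample XML and the `example.db.password` property are constructed for illustration; `${ALIAS=...}` is GlassFish's password alias reference syntax.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like a GlassFish domain.xml fragment (not from the post).
SAMPLE_DOMAIN_XML = """<domain>
  <configs><config name="server-config"><java-config>
    <jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
    <jvm-options>-Djavax.net.ssl.keyStorePassword=Example-Passw0rd</jvm-options>
    <jvm-options>-Djavax.net.ssl.trustStorePassword=changeit</jvm-options>
    <jvm-options>-Dexample.db.password=${ALIAS=db-pass-alias}</jvm-options>
  </java-config></config></configs>
</domain>"""

# -Dname=value where the property name mentions "password" (case-insensitive).
PASSWORD_OPT = re.compile(r"^-D(?P<name>[^=]*password[^=]*)=(?P<value>.*)$", re.IGNORECASE)
# A value that is exactly one alias reference, e.g. ${ALIAS=db-pass-alias}.
ALIAS_REF = re.compile(r"^\$\{ALIAS=[^}]+\}$")


def audit_jvm_options(domain_xml):
    """Return (property, finding) for each password-bearing jvm-option.

    The password value itself is never returned, so the report is safe to share.
    """
    findings = []
    for opt in ET.fromstring(domain_xml).iter("jvm-options"):
        m = PASSWORD_OPT.match((opt.text or "").strip())
        if not m:
            continue  # not a password property, e.g. the keyStore path
        name, value = m.group("name"), m.group("value")
        if ALIAS_REF.match(value):
            findings.append((name, "alias-reference"))
        elif value == "changeit":
            findings.append((name, "default-password"))
        else:
            findings.append((name, "cleartext-password"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_jvm_options(SAMPLE_DOMAIN_XML):
        print(f"{finding:20} {name}")
```
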

Kumar Jayanti Guest
Joined: 2011-04-02

The keystore is protected by the master password. But it should be possible to change the master password from the default value changeit. If that is not working, file a bug.
On Nov 13, 2012, at 5:20 AM, forums@java.net wrote:

> I need to encrypt the db credentials in glassfish. To do this I have used
> create-password-alias and this encrypts the db passwords just fine. My issue
> is that the encryption key for the db password is the glassfish master
> password. Keeping it at the default password is a security hole but if I
> change the master password I run into a problem. I can start glassfish with
> the new master password but my secure port encounters an SSL error. My
> unsecure port is live just fine but none of my secured wsdls work. I found a
> solution which was to add the keystore password to the jvm-options in the
> domain.xml. But as far as I can see, the keystore has to be the same as the
> glassfish master password, if I change it, glassfish won't start. Does anyone
> know if this is true? Can the keystore password be different than the master
> password? If not, is there a way to encrypt the password in the jvm-options?
> The domain.xml needs to be read available to developers. These are the
> jvm-options I had to add: -Djavax.net.ssl.keyStorePassword=[new password]
> -Djavax.net.ssl.trustStorePassword=[new password] I have tried creating an
> alias password for these parameters but this did not work. Looks to me that a
> config service is used to kick off glassfish (with these jvm-options) but
> doesn't know how to use alias passwords. The two options that I can see is
> either encrypting the password in the jvm-options or using a different
> keystore password than the master-password.
>
> --
>
> [Message sent by forum member 'ELFanatic']
>
> View Post: http://forums.java.net/node/892230