./changeSSLProperties.sh
-ssl
|
Use -ssl to enable or disable
SSL or secure connection on RDU, API client, Admin UI or PWS. In case of Admin
UI and PWS, this enables or disables the HTTPS mode of communication.
|
[rdu|api|adminui|pws]
[enable/disable]
For example:
./changeSSLProperties.sh
-ssl rdu enable
|
./changeSSLProperties.sh
-nssl
|
Use -nssl to enable or
disable non-secure connection with RDU, API client, Admin UI or PWS. In case of
Admin UI and PWS, this enables or disables the HTTP mode of communication.
|
[rdu|api| adminui|pws]
[enable/disable]
For example:
./changeSSLProperties.sh
-nssl rdu disable
|
./changeSSLProperties.sh
-secret
|
Use -secret to change the
secret key for RDU, DPE and PWS,
|
[secret]
For example:
./changeSSLProperties.sh
-secret changeme
|
./changeSSLProperties.sh -csp
|
Use -csp to change the
default non-secure port number that RDU, Admin UI, API client or PWS listen on.
By default, RDU listens on 49188.
In case of an API client, the
command lists all the secure RDU hosts and you can change the port number of
any of those RDU hosts using the tool.
|
[rdu|api|adminui|pws]
For example:
./changeSSLProperties.sh
-csp rdu
|
./changeSSLProperties.sh
-cnsp
|
Use -cnsp to change the
default non-secure port number that RDU, Admin UI, API client or PWS listen on.
By default, RDU listens on 49187.
In case of an API client, the
command lists all the secure RDU hosts and you can change the port number of
any of those RDU hosts using the tool.
|
[rdu|api|adminui|pws]
For example:
./changeSSLProperties.sh
-cnsp rdu
|
./changeSSLProperties.sh
-list
|
Use -list to list the secure
or non-secure hosts. Use argument s to list the secure hosts and ns for
non-secure hosts.
|
[s|ns]
For example:
./changeSSLProperties.sh
-list n
|
./changeSSLProperties.sh -ckl
|
Use -ckl to changes the
default keystore location. Respective property files get updated with this new
keystore location.
By default, the keystore is
stored in BPR_HOME/lib/security folder.
|
[new location]
For example:
./changeSSLProperties.sh
-ckl /opt/CSCObac/lib/
security/.keystore
|
./changeSSLProperties.sh -ckp
|
Use -ckp to change the
keystore password. You will be prompted to enter the old and new passwords. For
security reasons all passwords will be prompted.
|
[new location]
For example:
./changeSSLProperties.sh
-ckp
|
./changeSSLProperties.sh -utp
|
Use -utp to update the
truststore password in case you have changed the default truststore (cacerts)
password. This option updates only the related property files and does not
change cacerts password. Since cacerts can contain other trusted
entries/certificate chains, there is no option to change the trust store
passwords. However you can change the truststore (cacerts) password using java
keytool command, if you wish so.
|
For example:
./changeSSLProperties.sh
-utp
|
./changeSSLProperties.sh
-cpkp
|
Use -cpkp to change the
password used to store the RDU, Admin UI and PWS keys. You will be prompted for
old and new passwords. For security reasons all passwords will be prompted.
|
[rdu|adminui|pws]
For example:
./changeSSLProperties.sh
-cpkp
|
./changeSSLProperties.sh -gk
|
Use -gk to generates a key
pair, a public key and an associated private key.
The new created RDU key pair
is stored in the .keystore file under BPR_HOME/lib/security. The following
values would be set by default (keylength 1024, validity 2 years, keyalg RSA,
alias rducert, storetype JCEKS).
You will be prompted for both
keystore and key passwords.
|
For example:
./changeSSLProperties.sh
-gk
|
./changeSSLProperties.sh -exp
|
Use -exp to self-sign and
export the certificate.
This option locates you
keystore file, self-signs the RDU certificate and exports rootCA.crt and
rootCA.pem files to the BPR_HOME/lib/security folder.
|
For example:
./changeSSLProperties.sh
-exp
|
./changeSSLProperties.sh -imp
|
Use -imp to import a
certificate to the cacerts trust store so that a chain of trust can be
established between the certificate and RDU. If a chain of trust cannot be
established, an error message appears.
In case of CNR-EP you should
copy the rootCA.pem file to the machine where CNR-EP is installed. The files
must be copied under the BPR_HOME/bin/security folder.
|
[location form where to
import] [alias]
For example:
./changeSSLProperties.sh
-imp
|
./changeSSLProperties.sh
-help
|
Use -help to view the help
tips.
|
For example:
./changeSSLProperties.sh
-help
|