Commit

7469-Custom-password-encryption-draft-3
7469-Custom-password-encryption-draft-3

#7469
ramkumar-k-9286 committed Aug 23, 2024
1 parent 63f9fc9 commit 0bfda45
Showing 1 changed file with 13 additions and 16 deletions.
29 changes: 13 additions & 16 deletions modules/ROOT/pages/custom-password-encryption.adoc
Expand Up @@ -10,10 +10,9 @@ The following instructions will guide you through configuring custom password en
1. Download and unpack Open Liberty. +
Ensure that you have the latest version of Open Liberty that is downloaded and unpacked.

+
+
2. Place the required files. +
Place the following files in the specified directories.

// Assisted by WCA@IBM
// Latest GenAI contribution: ibm/granite-20b-code-instruct-v2
[cols="2,2,6"]
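Review bot: In step 1, "Ensure that you have the latest version of Open Liberty that is downloaded and unpacked" restates the step title and reads awkwardly. Suggest "Ensure that the latest version of Open Liberty is downloaded and unpacked."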
Expand All @@ -38,10 +37,8 @@ The server name in this example is `test`.
| https://https//www.ibm.com/support/pages/system/files/inline-files/customEncryption.jar[customEncryption.jar]
| This file instructs `securityUtility` to use the custom feature.
|===

NOTE: If your uploaded files have different names, rename them to match the names listed in the table.

+
+
3. Update `server.xml`. +
Edit the `server.xml` to include the custom encryption feature and configure the keystore.

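Review bot: The link target in the `customEncryption.jar` row, `https://https//www.ibm.com/support/pages/system/files/inline-files/customEncryption.jar`, has a doubled scheme and will not resolve; it should start with a single `https://`. Because readers are asked to place a downloaded JAR into their Liberty installation, consider also saying how the download can be verified (for example against a published checksum), if one is available. In the NOTE, "uploaded files" probably should read "downloaded files".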
Expand Down Expand Up @@ -69,23 +66,23 @@ Edit the `server.xml` to include the custom encryption feature and configure the
</server>
----

+
+
4. Start the server +
Start the server using the following command.

[source,bash]
----
server start test
----

+
Verify that the keystore (`key.p12`) is created in `wlp\usr\servers\test\resources\security` and can be accessed using the specified password.

+
[source,bash]
----
keytool -list -keystore key.p12 -storepass secret -storetype PKCS12
----

+
+
5. Verify custom password encryption service +
Check the `messages.log` file to confirm that the custom password encryption service has started. Look for entries similar to the following.

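Review bot: The verification command `keytool -list -keystore key.p12 -storepass secret -storetype PKCS12` puts the keystore password on the command line, where it ends up in shell history and is visible in the process list. Suggest dropping `-storepass secret` so that `keytool` prompts for the password, or adding a sentence that the inline password is for demonstration only. Also, the path `wlp\usr\servers\test\resources\security` uses Windows separators while the commands are marked `[source,bash]`, and the titles of steps 4 and 5 lack the trailing period that steps 1 to 3 use.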
Expand All @@ -96,7 +93,7 @@ Check the `messages.log` file to confirm that the custom password encryption ser
[2/11/21 16:56:52:776 EST] 0000002d com.ibm.ws.kernel.feature.internal.FeatureManager A CWWKF0012I: The server installed the following features: [appSecurity-2.0, appSecurity-3.0, beanValidation-2.0, cdi-2.0, distributedMap-1.0, ejbLite-3.2, el-3.0, jaspic-1.1, jaxrs-2.1, jaxrsClient-2.1, jdbc-4.2, jndi-1.0, jpa-2.2, jpaContainer-2.2, jsf-2.3, jsonb-1.0, jsonp-1.1, jsp-2.3, managedBeans-1.0, servlet-4.0, ssl-1.0, usr:customEncryption-1.0, webProfile-8.0, websocket-1.1].
----

+
+
6. Stop the server +
Stop the server with the following command.

Expand All @@ -105,11 +102,11 @@ Stop the server with the following command.
server stop test
----

+
+
7. Encrypt the password +
Unlike traditional WebSphere, enabling custom password encryption in Open Liberty does not automatically encrypt passwords in `server.xml`. Use the `securityUtility` command to encrypt passwords manually.

+
+
8. Confirm custom encryption is enabled +
Run the following command to list custom encryption encodings.

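Review bot: Step 7 ("Encrypt the password") tells the reader to use `securityUtility` but gives no command, and the actual encoding only happens in step 9, so the numbered procedure contains a step with nothing to do. Suggest turning the step 7 text into a NOTE or folding it into the lead-in of step 8, and renumbering the remaining steps.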
Expand All @@ -119,10 +116,10 @@ securityUtility encode --listCustom
[{"name":"custom","featurename":"usr:customEncryption-1.0","description":"%description"}]
----

+
Ensure that `custom` is listed as an available encoding.

+
+
9. Encode and update password +
Encrypt the password using the following command.

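Review bot: The sample output for `securityUtility encode --listCustom` shows `"description":"%description"`, an unresolved placeholder that readers may take for a setup error. Suggest either adding a sentence that explains the value or replacing the sample with output in which the description is resolved.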
Expand All @@ -133,14 +130,14 @@ securityUtility encode --encoding=custom secret
{custom}OhT339Bw3wymUcP92Mkz+Q==
----

Replace the plain text password in `server.xml` with the encrypted one.
Replace the plain text password in `server.xml` with the encrypted one.

[source,xml]
----
<keyStore id="defaultKeyStore" password="{custom}OhT339Bw3wymUcP92Mkz+Q==" />
----

+
+
10. Restart the server. +
Start the server again to ensure that the keystore opens successfully with the encrypted password.

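Review bot: The example `securityUtility encode --encoding=custom secret` passes the plain-text password as a command-line argument, which leaves it in shell history and the process list, in a procedure whose purpose is to get the plain-text password out of `server.xml`. Suggest showing the form without the text argument, where `securityUtility encode` prompts for the input, or at least noting that `secret` is a demonstration value. Step 10 is titled "Restart the server" but the text says only to start it; it would help to say how to confirm that the keystore opened, for example by checking `messages.log` as in step 5. The text also alternates between "encrypt" and "encode" for the same operation.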