diff --git a/modules/ROOT/pages/custom-password-encryption.adoc b/modules/ROOT/pages/custom-password-encryption.adoc index ec2bc79b3..9c70a43e0 100644 --- a/modules/ROOT/pages/custom-password-encryption.adoc +++ b/modules/ROOT/pages/custom-password-encryption.adoc @@ -10,10 +10,9 @@ The following instructions will guide you through configuring custom password en 1. Download and unpack Open Liberty. + Ensure that you have the latest version of Open Liberty that is downloaded and unpacked. -+ ++ 2. Place the required files. + Place the following files in the specified directories. - // Assisted by WCA@IBM // Latest GenAI contribution: ibm/granite-20b-code-instruct-v2 [cols="2,2,6"] @@ -38,10 +37,8 @@ The server name in this example is `test`. | https://https//www.ibm.com/support/pages/system/files/inline-files/customEncryption.jar[customEncryption.jar] | This file instructs `securityUtility` to use the custom feature. |=== - NOTE: If your uploaded files have different names, rename them to match the names listed in the table. - -+ + + 3. Update `server.xml`. + Edit the `server.xml` to include the custom encryption feature and configure the keystore. @@ -69,7 +66,7 @@ Edit the `server.xml` to include the custom encryption feature and configure the ---- -+ + + 4. Start the server + Start the server using the following command. @@ -77,15 +74,15 @@ Start the server using the following command. ---- server start test ---- - + + Verify that the keystore (`key.p12`) is created in `wlp\usr\servers\test\resources\security` and can be accessed using the specified password. - + + [source,bash] ---- keytool -list -keystore key.p12 -storepass secret -storetype PKCS12 ---- -+ + + 5. Verify custom password encryption service + Check the `messages.log` file to confirm that the custom password encryption service has started. Look for entries similar to the following. @@ -96,7 +93,7 @@ Check the `messages.log` file to confirm that the custom password encryption ser [2/11/21 16:56:52:776 EST] 0000002d com.ibm.ws.kernel.feature.internal.FeatureManager A CWWKF0012I: The server installed the following features: [appSecurity-2.0, appSecurity-3.0, beanValidation-2.0, cdi-2.0, distributedMap-1.0, ejbLite-3.2, el-3.0, jaspic-1.1, jaxrs-2.1, jaxrsClient-2.1, jdbc-4.2, jndi-1.0, jpa-2.2, jpaContainer-2.2, jsf-2.3, jsonb-1.0, jsonp-1.1, jsp-2.3, managedBeans-1.0, servlet-4.0, ssl-1.0, usr:customEncryption-1.0, webProfile-8.0, websocket-1.1]. ---- -+ + + 6. Stop the server + Stop the server with the following command. @@ -105,11 +102,11 @@ Stop the server with the following command. server stop test ---- -+ + + 7. Encrypt the password + Unlike traditional WebSphere, enabling custom password encryption in Open Liberty does not automatically encrypt passwords in `server.xml`. Use the `securityUtility` command to encrypt passwords manually. -+ + + 8. Confirm custom encryption is enabled + Run the following command to list custom encryption encodings. @@ -119,10 +116,10 @@ securityUtility encode --listCustom [{"name":"custom","featurename":"usr:customEncryption-1.0","description":"%description"}] ---- - + + Ensure that `custom` is listed as an available encoding. -+ + + 9. Encode and update password + Encrypt the password using the following command. @@ -133,14 +130,14 @@ securityUtility encode --encoding=custom secret {custom}OhT339Bw3wymUcP92Mkz+Q== ---- -Replace the plain text password in `server.xml` with the encrypted one. + Replace the plain text password in `server.xml` with the encrypted one. [source,xml] ---- ---- -+ + + 10. Restart the server. + Start the server again to ensure that the keystore opens successfully with the encrypted password.