It might be necessary to regenerate security keys on a host running Java ES. For example, if there is a risk that a root password has been exposed or compromised, you should regenerate security keys. The keys used by the common agent container services are stored in the following locations:
The path to security on solaris is:
Common Agent Container V1.1:
Solaris OS: /etc/opt/SUNWcacao/security
Linux: /etc/opt/sun/cacao/security
Common Agent Container V2.x (default instance):
Solaris OS: /etc/cacao/instances/default/security
Common Agent Container V2.x, custom instance named <name>:
Solaris OS: /etc/cacao/instances/<name>/security
Under normal operation, these keys can be left in their default configuration. If you need to regenerate the keys due to a possible key compromise, you can regenerate the security keys using the following procedure.
As root, stop the common agent container management daemon.
/usr/sbin/cacaoadm stop |
Regenerate the security keys.
/usr/sbin/cacaoadm create-keys --force |
Restart the common agent container management daemon.
/usr/sbin/cacaoadm start |
In the case of Sun Cluster software, you must propagate this change across all nodes in the cluster. For more information, see How to Finish a Rolling Upgrade to Sun Cluster 3.1 8/05 Software in Sun Cluster Software Installation Guide for Solaris OS.
As root, stop the common agent container management daemon.
/opt/sun/cacao/bin/cacaoadm stop |
Regenerate the security keys.
/opt/sun/cacao/bin/cacaoadm create-keys --force |
Restart the common agent container management daemon.
/opt/sun/cacao/bin/cacaoadm start |
For more information on the cacaoadm(1M) command, see the cacaoadm man page.