It might be necessary to regenerate security keys on a host running Java ES. For example, if there is a risk that a root password has been exposed or compromised, you should regenerate security keys. The keys used by the common agent container services are stored in the following locations:
Solaris OS: /etc/opt/SUNWcacao/securityLinux: /etc/opt/sun/cacao/security
Under normal operation, these keys can be left in their default configuration. If you need to regenerate the keys due to a possible key compromise, you can regenerate the security keys using the following procedure.
As root, stop the common agent container management daemon.
# /opt/SUNWcacao/bin/cacaoadm stop |
Regenerate the security keys.
# /opt/SUNWcacao/bin/cacaoadm create-keys --force |
Restart the common agent container management daemon.
# /opt/SUNWcacao/bin/cacaoadm start |
In the case of Sun Cluster software, you must propagate this change across all nodes in the cluster. For more information, see How to Finish a Rolling Upgrade to Sun Cluster 3.1 8/05 Software in Sun Cluster Software Installation Guide for Solaris OS.
As root, stop the common agent container management daemon.
# /opt/sun/cacao/bin/cacaoadm stop |
Regenerate the security keys.
# /opt/sun/cacao/bin/cacaoadm create-keys --force |
Restart the common agent container management daemon.
# /opt/sun/cacao/bin/cacaoadm start |
For more information on the cacaoadm(1M) command, see the cacaoadm man page.