Procedure to Modify Encryption Seed

The procedure to apply custom seed for encryption is applicable from Siebel release 23.6 and it is a non-mandatory post installation task. There is no need to re-apply customer seed in the subsequent patch once it is enabled in 23.6 or above updates.

Note: Though not required, it is recommend to use custom seed for secure Siebel implementations.

Make sure to take backup of files specified in Table 1 before making any updates.
Create a new Environment variable by the name SBL_FS_CONST and value as required seed. Seed expects alphanumeric characters and length should be of 44-50 characters long for strong encryption. If the seed length is not between 44 to 50 characters, then the encrypt string utility will give an error.

For example: set SBL_FS_CONST=j0dfbjtfhkdbjbkbnjb83h7y7fsfdbfjh66dhfkbjhh=

Steps to be followed in Windows
1. Go to System Properties → Open Environment Variables.
2. Create a new Environment variable with a name SBL_FS_CONST and value as required seed.
Steps to be followed in Non Windows
1. Go to Home Directory
2. Export SBL_FS_CONST=VALUE
  for example :
```
export SBL_FS_CONST=j0dfbjtfhkdbjbkbn
jb83h7y7fsfdbfjh66dhfkbjhh=
```
3. To verify :
```
echo $SBL_FS_CONST
```
Re-encrypt the passwords saved in various places ( detailed in Table 1) manually using EncryptString.jar. Run EncryptString.jar from the environment where custom seed is set via the environment variable SBL_FS_CONST and update them back at the same place.
Follow this step if LDAP security adapter is configured.

Edit LDAP security profile via SMC safe mode and re-enter LDAP password.
1. Login to smc in safe mode (../smc/safemode.html)
2. Select LDAP Authentication to update its password and save it.
3. Log out from SMC
Restart all the containers (AI, Migration, CG and SES containers) where re-encrypted passwords are updated.

Below is Table 1 describing specified backup files.

SN	LOCATION	FILE	VARIABLE NAMES
1	applicationcontainer_internal\webapps	configagent.properties	KeyStorePassword TrustStorePassword
1	applicationcontainer_internal\webapps	gateway.properties	KeyStorePassword TrustStorePassword registrypassword
2	applicationcontainer_external\webapps	applicationinterface.properties	Password KeyStorePassword TrustStorePassword
2	applicationcontainer_external\webapps	migration.properties	KeyStorePassword TrustStorePassword
3	It is applicable only where Event Pub-Sub feature is enabled. In addition to above changes, follow this in AI Side car - applicationcontainer_external(copy)\webapps	applicationinterface.properties	AIEgressServerKeyStorePassword KafkaKeyStorePassword KafkaTrustStorePassword KafkaPassword
3		aieventconfig.txt	Update all the instances of Password