1. Security Guide
  2. Modifying Keystore and Truststore Files

Modifying Keystore and Truststore Files

In cases where it is necessary to modify the keystore and truststore file details, complete the steps in the following procedure.

To modify keystore and truststore files

  1. Go to the location where the keystore and truststore files are stored.

    This location is specific to Siebel Application Interface, Siebel Gateway, Siebel Configuration Agent, or any other component.

  2. Use the Java Keytool commands to edit the keystore and truststore file details as required.

    It is recommended that you keep the same keystore and truststore names and passwords to avoid editing the corresponding properties and server.xml files. However, in the event where you change the keystore and truststore names and passwords, then do the following to change the details in the properties and server.xml files:

    1. Encrypt the password using the encryptstring.jar utility

      $<javahome>\bin>java - jar
$<siebelhome>\siebel\classes\original\encryptstring.jar <<plaintext>>

    2. Go to the corresponding properties file and update the KeyStorePassword and TrustStorePassword with the encrypted value.

      You must update the encrypted password in the applicationinterface.properties file, which is located on the Siebel Application Interface in the applicationcontainer_external\webapps folder.

    3. Go to the corresponding server.xml file (located under ..\conf) and update the truststorepass and keystorepass.

      • To change the password, update the truststorepass and keystorepass in the \conf\server.xml file for Siebel Application Interface, Siebel Gateway, and Siebel Configuration Agent.

      • Update truststorepass and keystorepass under the HTTP connector.

      • Update the plain text password here:

        $<javahome>\bin>java - jar <connector port="<https port>" ... .
keystorepass="xxx" ... . truststorepass="xxx"/>

  3. Restart the application containers for all components where you made changes. For details, see Siebel System Administration Guide.

Note: Alternatively, in the event where you previously installed Siebel CRM 17.0 or later using the keystore file test.jks but used incorrect domain name or hostname credentials when creating the jks file, then do the following to use the newly created certificate (provided the password is the same) without re-installing Siebel CRM:

  • Copy the new JKS file (with the same password, but with different domain name and hostname) to the siebcerts folder under Siebel Application Interface, Siebel Gateway, Siebel Configuration Agent, or any other component.

  • Restart the application containers. For details, see Siebel System Administration Guide.