7469-Custom-password-encryption-change-3

7469-Custom-password-encryption-change-3 #7469
OpenLiberty · Aug 23, 2024 · 38a54b8 · 38a54b8
1 parent 0bfda45
commit 38a54b8
Showing 1 changed file with 10 additions and 19 deletions.
diff --git a/modules/ROOT/pages/custom-password-encryption.adoc b/modules/ROOT/pages/custom-password-encryption.adoc
@@ -37,8 +37,9 @@ The server name in this example is `test`.
 | https://https//www.ibm.com/support/pages/system/files/inline-files/customEncryption.jar[customEncryption.jar]
 | This file instructs `securityUtility` to use the custom feature.
 |=== 
+
 NOTE: If your uploaded files have different names, rename them to match the names listed in the table.
- + 
+
 3. Update `server.xml`. +
 Edit the `server.xml` to include the custom encryption feature and configure the keystore.
 
@@ -66,23 +67,21 @@ Edit the `server.xml` to include the custom encryption feature and configure the
 </server>
 ----
 
- + 
 4. Start the server +
 Start the server using the following command.
 
 [source,bash]
 ----
 server start test
 ----
- +
+
 Verify that the keystore (`key.p12`) is created in `wlp\usr\servers\test\resources\security` and can be accessed using the specified password.
- +
+
 [source,bash]
 ----
 keytool -list -keystore key.p12 -storepass secret -storetype PKCS12
 ----
 
- + 
 5. Verify custom password encryption service +
 Check the `messages.log` file to confirm that the custom password encryption service has started. Look for entries similar to the following.
 
@@ -93,21 +92,18 @@ Check the `messages.log` file to confirm that the custom password encryption ser
 [2/11/21 16:56:52:776 EST] 0000002d com.ibm.ws.kernel.feature.internal.FeatureManager   A CWWKF0012I: The server installed the following features: [appSecurity-2.0, appSecurity-3.0, beanValidation-2.0, cdi-2.0, distributedMap-1.0, ejbLite-3.2, el-3.0, jaspic-1.1, jaxrs-2.1, jaxrsClient-2.1, jdbc-4.2, jndi-1.0, jpa-2.2, jpaContainer-2.2, jsf-2.3, jsonb-1.0, jsonp-1.1, jsp-2.3, managedBeans-1.0, servlet-4.0, ssl-1.0, usr:customEncryption-1.0, webProfile-8.0, websocket-1.1].
 ----
 
- + 
-6. Stop the server +
+6. Stop the server. +
 Stop the server with the following command.
 
 [source,bash]
 ----
 server stop test
 ----
 
- + 
-7. Encrypt the password +
+7. Encrypt the password. +
 Unlike traditional WebSphere, enabling custom password encryption in Open Liberty does not automatically encrypt passwords in `server.xml`. Use the `securityUtility` command to encrypt passwords manually.
 
- + 
-8. Confirm custom encryption is enabled +
+8. Confirm custom encryption is enabled. +
 Run the following command to list custom encryption encodings.
 
 [source,bash]
@@ -116,28 +112,24 @@ securityUtility encode --listCustom
 
 [{"name":"custom","featurename":"usr:customEncryption-1.0","description":"%description"}]
 ----
- +
+
 Ensure that `custom` is listed as an available encoding.
 
- + 
-9. Encode and update password +
+9. Encode and update password. +
 Encrypt the password using the following command.
 
 [source,bash]
 ----
 securityUtility encode --encoding=custom secret
-
-{custom}OhT339Bw3wymUcP92Mkz+Q==
 ----
 
- Replace the plain text password in `server.xml` with the encrypted one.
+Replace the plain text password in `server.xml` with the encrypted one.
 
 [source,xml]
 ----
 <keyStore id="defaultKeyStore" password="{custom}OhT339Bw3wymUcP92Mkz+Q==" />
 ---- 
 
- +  
 10. Restart the server. +
 Start the server again to ensure that the keystore opens successfully with the encrypted password.
 
@@ -147,4 +139,3 @@ Start the server again to ensure that the keystore opens successfully with the e
 ----
 
 For more information on password encryption limitations, see the xref:password-encryption.adoc[Password encryption limitations].
-