[midPoint] Add New Encryption Key

Gus Lou gugalou38 at gmail.com
Tue Dec 29 15:51:58 CET 2020


Hello guys
I think I found where the error is.
In the command below, I initially typed:

keytool -genseckey -alias strong -keystore /opt/midpoint/var/keystore.jceks \
    -storetype jceks -storepass changeit -keyalg AES -keysize 256 \
    -keypass my_new_password


I ran the command again and switched to:

keytool -genseckey -alias strong -keystore /opt/midpoint/var/keystore.jceks \
    -storetype jceks -storepass changeit -keyalg AES -keysize 256 \
    -keypass midpoint

I initially tried to change the default midpoint password for the
encryption key with a new password.

After this change I was able to successfully start the midpoint.

I believe that the password for the encryption key cannot be changed, am I
right? Someone was able to change the password for the security key.

Regards

Gus


On Tue, Dec 29, 2020 at 11:13, Gus Lou <gugalou38 at gmail.com>
wrote:

> Hello guys, I tried to change the password for the default AES encryption
> key stored in the keystore file. For that I stopped the midpoint service
> and followed the wiki procedure:
> https://wiki.evolveum.com/display/midPoint/Encryption+and+Keys
> After creating a new key (aes256), I adjusted the midpoint configuration
> file and started the application. But Midpoint does not start; in the
> logs I can observe the following error: Couldn't encrypt node secret: No
> key mapped to alias strong could be found in the keystore. Keys by alias
> must be recompute during initialization
> Did I forget a step to change the AES key?
>
> Regards Gus
>
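
The two commands in this thread differ only in -keypass, the per-entry key password, which keytool keeps separate from -storepass. The following added example (not part of the original post and not midPoint code; the class name CheckKeyPassword is hypothetical) opens a JCEKS keystore and reports which key entries can be recovered with a given key password:

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Collections;

// Hypothetical diagnostic: tests a candidate key password against every key entry.
public class CheckKeyPassword {
    public static void main(String[] args) throws Exception {
        Console con = System.console();
        if (args.length != 1 || con == null) {
            System.err.println("usage: java CheckKeyPassword <keystore.jceks> (run from a terminal)");
            System.exit(2);
        }
        // Prompt instead of taking passwords as arguments, so they do not
        // end up in shell history or the process list.
        char[] storePass = con.readPassword("Keystore password (-storepass): ");
        char[] keyPass = con.readPassword("Key password to test (-keypass): ");

        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // a wrong store password fails here with IOException
        }

        boolean allRecovered = true;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // certificate entries carry no key password
            }
            try {
                Key key = ks.getKey(alias, keyPass);
                System.out.printf("%-16s OK    %s, %d bits%n",
                        alias, key.getAlgorithm(), key.getEncoded().length * 8);
            } catch (UnrecoverableKeyException e) {
                // The entry exists but is sealed under a different key password.
                allRecovered = false;
                System.out.printf("%-16s FAIL  not recoverable with this key password%n", alias);
            }
        }
        Arrays.fill(storePass, '\0');
        Arrays.fill(keyPass, '\0');
        System.exit(allRecovered ? 0 : 1);
    }
}
```

An entry reported as FAIL is present in the keystore but cannot be read with the tested password, which an application may surface as a missing key for that alias.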