
Using Enhanced Security Features
268 EncrypTight User Guide
Changing the Password Used in the ETKMS Properties File
The ETKMS properties file includes an entry for the keystore password that the ETKMS software uses
for functions that access the keystore.
To change the password listed in the ETKMS properties file:
1 Use a text editor to edit the file
2 Find the section labelled “Certificate configuration” and enter the new password for the
keystorePassword entry.
For example:
# Certificate configuration
If you change the password stored in the ETKMS properties file, you must also change the password for
the keystore that is used by the keytool utility. If the keystore password and the password stored in the
ETKMS properties file do not match, errors will be logged and the ETKMS will be unable to generate and
renew encryption keys. For instructions on changing the password used by keytool, see “Change the
Password Used by Keytool” on page 267.
Restart the ETKMS Service
To start the ETKMS service:
1 Open an SSH session and log into the ETKMS.
2 At the command line, enter
service etkms start
Changing the Keystore Password on a ETKMS with an HSM
The HSM uses two passwords, one for the Security Officer role, and one for a User role. On the ETKMS,
these are set to the same value. In order to change the password, you must use the
HSMPwdChg.sh script.
To change the HSM password:
1 Switch to the
/opt/etkms/bin directory by typing:
cd /opt/etkms/bin
This will print out the value of the current password, based on the contents of the
coLicense.properties file. Make note of this value. You will need to provide it when you change
the passwords.
3 Using a text editor, open the
coLicense.properties file and change the current value of
etkmsLicense property.
4 Obtain the new password by typing: