Howto: Change the Master Encryption Key Storage Directory in RSA Identity Governance and Lifecycle (IGL)
Originally Published: 2018-03-22
Article Number
Applies To
RSA Version/Condition: 7.0.1 and higher
Issue
Resolution
Wildfly Standalone (non-clustered) hardware or software appliance
Modify /home/oracle/wildfly/standalone/configuration/aveksa-standalone-full.xml and adjust the property in this section:
<system-properties>
<property name="jboss.bind.address.management" value="0.0.0.0"/>
<property name="rsavialg.security.keydir" value="/home/oracle/security"/>
</system-properties>
Wildfly Clustered hardware or software appliance
Modify /home/oracle/wildfly/domain/configuration/domain.xml and adjust the property in this section:
<system-properties>
<property name="java.net.preferIPv4Stack" value="true"/>
<property name="rsavialg.security.keydir" value="/home/oracle/security"/>
</system-properties>
WebSphere, Standalone or Clustered
In the Admin console for WebSphere:
- Select the server: Servers -> Server types -> WebSphere application servers -> Select server.
- Choose the server used for RSA IGL.
- Under the Configuration tab, select Server Infrastructure -> Java and Process Management -> Process Definition.
- Under Additional Properties, select Java Virtual Machine -> Custom Properties.
- Select New. Name: rsavialg.security.keydir, Value: <directory path for master encryption key>
(Standalone) rsavialg.security.keydir=<directory path for the master encryption key>
(Cluster) rsavialg.security.keydir=<server and directory path for the master encryption key>
WebLogic, Standalone or Clustered
There are two common methods used by WebLogic installations for setting JVM arguments. These methods may not map to your environment if you use custom scripts for starting a WebLogic application server instance. Consult the WebLogic administrator on how the JVM settings are set for your given environment.
Edit the WebLogic Domain startup environment script
This is typically done on a standalone system and would be required if using the AdminServer as the instance where you are deploying RSA IGL. Edit the setDomainEnv.sh file for the domain in which you will be deploying the RSA IGL application. For example, from $WEBLOGIC_HOME/user_projects/domains/<domain_name>/bin, add the following settings to the beginning of the setDomainEnv script, where WL_HOME is set.
JAVA_OPTIONS="$JAVA_OPTIONS -Drsavialg.security.keydir=<directory path for the master encryption key>"
export JAVA_OPTIONS
Specify JVM arguments within the Admin Console for a server instance
This is typically used if your servers are managed via NodeManager. From the Admin Console:
- Environment -> Servers -> Select server
- Configuration tab -> Server Start tab
- Add the startup setting -Drsavialg.security.keydir=<directory path for the master encryption key> to the Arguments field.
Notes
Anytime that you change the value of the Java system property after the keys have already been created (meaning after you configured the property and brought the system back up), you must bring down the system and move the keys to the new location before bringing up the system again.
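A post-change check for the WildFly case, as an added example rather than RSA's own tooling: it reads the rsavialg.security.keydir value from a configuration file and reports when the directory is missing, empty, or accessible beyond its owner. The owner-only permission policy, the function names, and the sample XML with its namespace are assumptions made for this example.

```python
import os
import stat
import xml.etree.ElementTree as ET

KEYDIR_PROP = "rsavialg.security.keydir"

# Constructed sample in the shape of the <system-properties> section above;
# the namespace value is an assumption, real files carry their own.
SAMPLE_CONFIG = """<server xmlns="urn:jboss:domain:4.0">
  <system-properties>
    <property name="jboss.bind.address.management" value="0.0.0.0"/>
    <property name="rsavialg.security.keydir" value="/home/oracle/security"/>
  </system-properties>
</server>"""


def configured_keydir(xml_text):
    """Return the configured key directory, or None if the property is absent."""
    for elem in ET.fromstring(xml_text).iter():
        # WildFly configs are namespaced, so compare the local tag name only.
        local_name = elem.tag.rsplit("}", 1)[-1]
        if local_name == "property" and elem.get("name") == KEYDIR_PROP:
            return elem.get("value")
    return None


def check_keydir(path):
    """Return a list of findings for the key directory; empty means no findings."""
    if not path:
        return [KEYDIR_PROP + " is not set"]
    if not os.path.isdir(path):
        return [path + " does not exist or is not a directory"]
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Assumed policy: only the owning account may access the key directory.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("%s is accessible to group/other (mode %o)" % (path, mode))
    # Empty after a change of location means the keys were not moved (see Notes).
    if not os.listdir(path):
        findings.append(path + " is empty")
    return findings


if __name__ == "__main__":
    keydir = configured_keydir(SAMPLE_CONFIG)
    print("configured key directory:", keydir)
    for finding in check_keydir(keydir) or ["no findings"]:
        print(" -", finding)
```

Run it with the system still down, after moving the keys and before bringing the application back up, passing the real configuration file's contents to configured_keydir.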