Versions Compared

Version Old Version 2 New Version Current
Changes made by

Ashhad Alam

Rohan Dhanwade

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Corrected links that should have been relative instead of absolute.

When any Template executes, all temporary files are stored in a repository folder. To prevent it from misuse, you may want to secure the folder. You can secure the repository folder by encrypting data in the folder. 

To encrypt the data, you need to configure the following:

  • Create Keystore using Keytool
  • Configure Keystore in Adeptia Connect

Creating a Keystore

A Keystore stores your certificates and private keys that you can give to your client. You can create a keystore either manually or by uploading a keystore file. Follow the steps below to create a Keystore:

  • Click Configure > SECURITY > Keystore/Truststore.
  • Click Create Keystore/Truststore.
    • In the Create Keystore/Truststore window, 
    Image Removed
  • In the Name and Description fields, enter the name and description of the Keystore respectively.
  • In the Create field, select the Keystore option.
    • In the Creation Mode field, select the option Upload or Manual based on the requirements.
    If you want

    to create

    a keystore by uploading a keystore file, select the Upload option as a Creation Mode and follow the steps below:
    In the Upload Keystore field, click Browse…, navigate to the PKCS12 or JKS keystore file type,

    and

    click Open to upload your keystore file.
  • If you upload a keystore file with no extension then define the type of the Keystore by selecting the option from the Keystore Type field.
  • In the Keystore Password and Confirm Password fields, enter the same password for the Keystore.
  • In the Private Key Password and Confirm Password fields, enter the same private key password for the Keystore.
  • In the Select Project field, select the project.
  • Click Save.
    • If you want to manually

    configure a

    Keystore, select the Manual option as a Creation Mode and follow the steps below:
    In the

    Keystore

    Type field, select either JKS or PKCS12

    .

     

  • In the Keystore Password and Confirm Password fields, enter the same password for the Keystore.

  • In the Private Key Password and Confirm Password fields, enter the same private key password for the Keystore.
  • In the Alias field, enter a name for the identity of the keystore that you are creating.
  • In the Key Algorithm field, select an algorithm to encrypt your keystore. You can choose from either DSA or RSA.
  • In the Key Size field, specify the encryption key size of the encryption algorithm. The minimum size for DSA is 512 and for RSA is 1024 but we recommend that you use an algorithm of at least 1024 and 2048 key size respectively.
  • In the Common Name field, enter a name that you want to associate with the generated certificate, like a name of a person, e.g. "Susan Jones".
  • In the Organization Unit field, enter the name of the organization unit where you work.
  • In the Organization Name field, enter the name of your organization.
  • In the Locality field, enter the locality of your organization.
  • In the State field, enter the state where your organization is situated.
  • In the Validity field, enter the number of days for which your keystore will be valid.
  • In the Signature Algorithm field, select an algorithm to encrypt your signature. You can choose from SHA1 with DSA, SHA1 with RSA, MD5 with RSA, and RIPEMD160 with RSA.
  • In the Select Project field, select the project.
    • Click Save.

    Table of Contents
    maxLevel2

    Creating a Keystore using Keytool

    1. Open Command Prompt.
    2. Go to the directory where JRE is installed (for example, C:/Program Files/Java/jre8/bin).
    3. Run the following Keytool command to create a Keystore.

      For Windows:

      keytool.exe -genseckey -keystore <Keystore_path> -storetype <store_type> -storepass <Keystore_password> -keyalg AES -keysize 256 -alias <alias_name> -keypass <Key_password>

      For example:

      keytool.exe -genseckey -keystore <> -storetype JCEKS -storepass changeit -keyalg AES -keysize 256 -alias <> -keypass changeit

      For Linux:

      keytool -genseckey -keystore <Keystore_path> -storetype <store_type> -storepass <Keystore_password> -keyalg AES -keysize 256 -alias <alias_name> -keypass <Key_password>

      For example:

      keytool -genseckey -keystore <> -storetype JCEKS -storepass changeit -keyalg AES -keysize 256 -alias <> -keypass changeit

    where,

             <Keystore_path> is the location of the Keystore. If the Keystore does not exist, the tool will create a new store. 

              <store_type> is the type of store. Only JCEKS is supported.

              <Keystore_password> is the password related to the Keystore. 

              <alias_name> is the name to be given to the newly created key.

              <Key_password> is the password protecting the use of the key.  

    The Keystore is generated at the specified location and exit from the Command Prompt.

    Configuring Keystore in Adeptia Connect

    1. Login to Adeptia Connect as an administrator.
    2. Click Accounts > Settings.
    3. Expand the Server Node Settings in the left panel.
    4. Select the server node.
    5. Click Edit.
    6. Expand Systems > Data Encryption at rest.

    7. Set the value in the below parameters:

      Property Name
      Description
      abpm.security.data.encryption.rest.enableTo enable or disable data encryption at rest. The possible value can be either Yes or No.
      abpm.security.data.encryption.rest.keystoreLocationLocation of the Keystore that will be used for data encryption.
      abpm.security.data.encryption.rest.aliasAlias name for the key.
      abpm.security.data.encryption.rest.keystorePaswordPassword of the Keystore.
      abpm.security.data.encryption.rest.keyPasswordPassword of the Key.


    8. Click Save.
    9. To reload the configuration, click Reload Configuration link.
      A confirmation message is displayed that the configuration has been reloaded.

    10. Restart Connect Kernel and Connect WebRunner.

    However, after you enable the encryption, the data stored before you enabled the encryption remains in plaintext. Therefore, before enabling the encryption it is advisable to run the Encryption utility to encrypt the existing data present in the repository. If you do not encrypt the existing data, before enabling the encryption, repository data displayed on the GUIs may not be displayed correctly.

    If due to any reason if you have not encrypted the existing data and have executed the transaction with encryption enabled, then in the repository folder the data will be a combination of plaintext and encrypted text. Therefore, you must encrypt plaintext separately. To do this:

    1. Move all the plaintext data in a separate folder. 
    2. Encrypt the folder using the Encryption utility. 
    3. After the records are encrypted successfully, copy the data of the encrypted folder in the repository.

    After you have encrypted the data, enable the Encrypting data at rest feature. When the utility executes, you will have the encrypted data in the repository including the previous one. 

     


    Panel
    borderStylesolid
    titleYou may be interested in...
    What's new
    Best practices
    Training guides
    Frequently asked questions
    Adeptia Connect APIs
    Adeptia security report