username@hotsname:~> cd /apps/sp/apache-tomcat-8.5.31/webapps/identityiq/WEB-INF/bin/
username@hotsname://apps/sp/apache-tomcat-8.5.31/webapps/identityiq/WEB-INF/bin> ./iiq keystore -j
> addKey
Generate a new encryption key (y/n)?
y
Generating a new encryption key for keystore [/apps/tomcat/webapps/identityiq/WEB-INF/classes/iiq.dat].
New encrpytion key successfully saved to keystore.
All application servers must be restarted for changes to take effect.
> list
Listing contents for keystore [/apps/tomcat/webapps/identityiq/WEB-INF/classes/iiq.dat].
KeyAlias Algorithm Format Object
2 AES RAW javax.crypto.spec.SecretKeySpec@17fbb
>quit
Two files, with the extensions .cfg and .dat, are generated in the /WEB-INF/classes directory:
iiq.cfg
iiq.dat
Restart the application server.
To test whether a newly generated password uses the new keystore, connect to the iiq console and execute encrypt.
Changing Existing Passwords to Use the New KeyStore
Navigate to Setup --> Tasks --> New Task --> Encrypted Data Synchronization Task
Select the options available in the task according to which passwords need to be regenerated based on the new keystore:
- Disable Application Synchronization - Application Password
- Disable Identity Synchronization - Identity /User Password
- Disable IntegrationConfig Synchronization - Password Stored in init Config
- Convert Encrypted Identity Secrets to Hashing - Secret Q/A
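
An added example (not from the original page or from SailPoint's tooling): once the synchronization task has run, a script like the following can report which encrypted values in an exported object XML still carry an old key alias instead of the new one (KeyAlias 2 in the listing above). It assumes encrypted values are serialized as "<KeyAlias>:<base64>" or "<KeyAlias>:ACP:<base64>"; the function name, the sample XML and its values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Assumption: an encrypted value looks like "<KeyAlias>:<base64>" or
# "<KeyAlias>:ACP:<base64>". Confirm against your own `encrypt` output.
ENCRYPTED = re.compile(r"^(\d+):(?:ACP:)?[A-Za-z0-9+/=]{16,}$")

# Constructed sample shaped like an object export; not real ciphertext.
SAMPLE_EXPORT = """<sailpoint>
  <Application name="HR-DB">
    <Attributes><Map>
      <entry key="password" value="1:Q29uc3RydWN0ZWRTYW1wbGU="/>
      <entry key="user" value="svc_hr"/>
    </Map></Attributes>
  </Application>
  <Application name="LDAP-Corp">
    <Attributes><Map>
      <entry key="password" value="2:ACP:QW5vdGhlclNhbXBsZQ=="/>
    </Map></Attributes>
  </Application>
  <Identity name="jdoe" password="1:U2FtcGxlT25seQ=="/>
</sailpoint>"""


def audit_key_aliases(xml_text, expected_alias):
    """Return ({alias: [locations]}, stale) where stale lists every
    encrypted value whose key alias differs from expected_alias.
    Only locations are reported, never the ciphertext itself."""
    root = ET.fromstring(xml_text)
    by_alias = defaultdict(list)
    for obj in root:  # one top-level object per Application/Identity/...
        label = f"{obj.tag}:{obj.get('name')}"
        for elem in obj.iter():
            for attr, value in elem.attrib.items():
                match = ENCRYPTED.match(value)
                if match:
                    # <entry key=".." value=".."> is named by its key
                    field = elem.get("key") if elem.tag == "entry" else attr
                    by_alias[match.group(1)].append(f"{label}/{field}")
    stale = sorted(loc for alias, locs in by_alias.items()
                   if alias != str(expected_alias) for loc in locs)
    return dict(by_alias), stale


if __name__ == "__main__":
    _, stale = audit_key_aliases(SAMPLE_EXPORT, expected_alias=2)
    for location in stale:
        print("still on old key:", location)
```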