Document suggestions for AM 6.5 Configuring Keystores


    • Sprint:
      2019.2 - AM Docs - Hmm, 2019.2 - AM Docs - Harry


      As requested in Ticket #37004:



      In the 6.2. Configuring Keystores section:


      The keystore used for the AM's startup process must contain the configstorepwd and the dsameuserpwd password strings. Failure to do so will render AM unbootable. For more information about configuring keystores for AM's startup process, see "Starting Servers" in the Installation Guide.


      In the section above, we would recommend mentioning that you need to import, in particular, the dsameuserpwd from the default keystore into the newly generated keystore, because it is not directly mentioned that you need to IMPORT this entry from the default keystore.jceks.

      The documentation mentions no way to create a dsameuserpwd.

      We know that the configstorepwd can be created, but it is fortunately also possible to import this entry.


      Also for the following description on point 8.:


      • 8. Note that a configuration of %BASE_DIR%/%SERVER_URI%/keystore.jceks in the AM console corresponds to the path /path/to/openam/openam/keystore.jceks in the boot.json file.


      We would recommend making it clear that the new keystore has to be configured first in the AM configuration UI under _Configure > Server Defaults > Security > Key Store_

      AND also in the /path/to/openam/boot.json file

      then after these 2 changes you can reboot the service so the new keystore is used.


      Both of these recommendations are, in our view, standard steps for setting up AM for every ForgeRock customer, because ForgeRock recommends creating a new keystore in production environments and there is no sufficient explanation of how to get a new keystore working.
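
A pre-restart check for the point raised above, as an added example that is not part of the ticket or of ForgeRock's documentation: it reads `keytool -list` output for the new keystore and reports whether `configstorepwd` and `dsameuserpwd` are present as secret-key entries. The function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket or the AM docs).
# Entries the quoted documentation says the startup keystore must contain.
REQUIRED_ALIASES="configstorepwd dsameuserpwd"

# Reads `keytool -list` output on stdin. Prints the required aliases that are
# absent or are not stored as a SecretKeyEntry; returns 0 only if none are.
missing_boot_aliases() {
    listing=$(cat)
    missing=""
    for name in $REQUIRED_ALIASES; do
        # keytool prints one line per entry: "<alias>, <date>, <EntryType>, "
        # The date itself may contain a comma, hence the ".*," in the middle.
        if ! printf '%s\n' "$listing" |
            grep -Eq "^${name},.*,[[:space:]]*SecretKeyEntry,"; then
            missing="${missing}${missing:+ }${name}"
        fi
    done
    if [ -z "$missing" ]; then
        return 0
    fi
    printf '%s\n' "$missing"
    return 1
}

# Constructed sample: a new keystore where only configstorepwd was created
# and dsameuserpwd was never imported from the default keystore.jceks.
SAMPLE_LISTING='Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 2 entries

configstorepwd, Jan 1, 2019, SecretKeyEntry, 
test, Jan 1, 2019, PrivateKeyEntry, '

# Demo on the constructed sample. Against a real keystore, pipe in:
#   keytool -list -keystore /path/to/openam/openam/keystore.jceks -storetype JCEKS
printf '%s\n' "$SAMPLE_LISTING" | missing_boot_aliases ||
    echo "entries listed above must be imported before restarting AM"
```
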


              • Assignee:
                cristina.herraz Cristina Herraz
                mark.nienaber@forgerock.com Mark Nienaber