How do we “obfuscate” our password to use in the ALM Jetty-ssl.xml  file?

Question ID: 110297
0
0

We are currently using ALM with SSL/HTTPS and have indicated the keystore password down in  the jetty-ssl.xml file using “clear text”.

Our security people want us to use the “obfuscated” form instead.

How do we “obfuscate” our password to use in the ALM Jetty-ssl.xml  file?

Marked as spam
Posted by (Questions: 83, Answers: 5)
Asked on January 6, 2022 1:46 pm
4 views
Answers (1)
0
Private answer

The “Password” Class is missing from the ALM deployment for the Password encryption part of the SSL stuff.

CAREFUL with my paths - I had to add spaces around \ / // or \\

  1. Get JAR containing Password class here:

http: // www.java2s.com / Code / Jar / o / Downloadorgeclipsejettyhttpjar.htm

 

  1. Get ZIP called org.eclipse.jetty.http.jar.zip

Unzip to jar and place on ALM server in this folder:

C: \ ProgramData \ HP \ ALM \ server \ lib

 

  1. Launch a command window and navigate to JAVA "bin" directory (similar to c:program filesjavajre1.8.0_221bin)

 

  1. From command prompt, run the following command:

 

java -cp "<DEPLOYMENT_HOME> \ server \ lib \ org.eclipse.jetty.http.jar" org.eclipse.jetty.http.security.Password <password>

 

 

  1. For example:

 

java.exe -cp "C: \\ ProgramData \ HP \ ALM \ server \ lib \ org.eclipse.jetty.http.jar" org.eclipse.jetty.http.security.Password changeit

 

  1. The output will like this (for the password 'changeit'):

 

changeit

OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0

MD5:b91cd1a54781790beaa2baf741fa6789

 

(note:  MD5 may generate error - it did for me recently)

Then, the user can replace the plain text password in Jetty.xml file, including the 'OBF:' prefix. This can

protect passwords from casual observation.

Marked as spam
Posted by (Questions: 3, Answers: 490)
Answered on January 6, 2022 1:48 pm