If password encryption is enabled

If password encryption is enabled in the configuration properties file, bfpwcrypt.conf, use the steps in this topic after you change from SHA1 to SHA2.

Procedure

  1. Navigate to Administration > Security, and disable password encryption.
  2. If the Server Auth, LDAP, and User passwords have been added or updated since password encryption was enabled, go to Administration > Security > Keystore and update each of the passwords again.
  3. Rename the password encryption configuration properties file. For example, change the name of the bfpwcrypt.conf file to bfpwcrypt.conf.sha1
  4. Go back to Administration > Security, and change the Digest Algorithm to SHA2.
  5. Restart the Build Forge® management console. A new bfpwcrypt.conf file is created.
  6. Go back to Administration > Security, and enable password encryption.
  7. Optional: Go back to Administration > Security > Keystore and update the ServerAuth, LDAP, and User passwords.
  8. If the agent also enables password encryption, copy the newly generated bfpwcrypt.conf file to the server where the agent is located.
  9. If the ssl_key_password was encrypted, re-encrypt the password. For example, re-encrypt bfagent -e xxxxxx. In this example, xxxxxx represents the password.
  10. In the bfagent.conf file, enable digest_algorithm SHA2 by removing the # before the line or by adding a new line.
  11. Restart the bfagent.

Feedback