Here are the steps to follow. Please ensure the below pre-requisites are in place. If all works properly, you should only need to proceed through Step 12.a. Steps 13-18 have been added for a scenario where AAOP load fails.
- Make sure using JDK1.6.0_45
- Make sure the two JCE6 jar files are there (Unlimited Strength Java Cryptography Extension)
- Make sure the java.security file has the providers in the proper order and is set to "random" (securerandom.source=file:/dev/random)
1. Verify the existing MSG_CODE_KEYS table in 18.104.22.168 SP2 P1. You may have plain seeds, human readable, from before the encryption
is enabled or seeds of the format && after encryption is enabled.
2. Take a dump of existing seeds in the MSG_CODE_KEYS table via the /rsa/utils/encryption/keyManagerUtil.bat –dump command.
3. Make a backup of the existing c-config-security.xml file.
4. Perform upgrade of the database to V7.1.
5. Deploy backoffice.war file.
6. Login to the BackOffice application and in the Security section enable Security on Seed, Question and Answers.
7. Add the location for GeoIP and Channel Determination data files.
8. Stop the application server.
9. Copy the value of the masterSeed in c-config-security.xml from Step 2 to the c-config-security.xml file under
10. Start application server and ensure the encryption is still enabled in the Security > Seed, Question and Answers parameters.
11. Deploy Adaptive Authentication and verify it can come up without error. (Make sure the pre-requisites above are all met before AA is deployed.)
12. If AA is loaded successfully then send analyze call and ensure there are no decryption errors and token is sent back in response
12.a. Once this is successful perform utils_7.1/encryption/keyManagerUtil.bat –rotate to obtain a new FIXED key
and copy the modified c-config-security.xml to all the AA apps that are deployed (AA, BackOffice)
13. IF AA load fails then - Make sure that encryption is turned on in BackOffice Security section
14. Copy the msgkeydump generated in Step 2 to new installation directory /rsa/utils_7.1/encryption 7.1 utility
copy the c-config-security.xml file from Step 3
call > keyUtil load
call > keyUtil rotate
15. Stop the application server.
16. Copy new c-config-security.xml to AA, BackOffice and all other applications.
17. Start the application server.
18. Send a few analyze request to verify that there are no cookie decryption errors and token is sent back response.