cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search. X

Do the keystore.pfk and the keystore-password change after the initial installation.

Go to solution
saguiarde
10-Marble
10-Marble
‎Mar 26, 2021 06:10 AM
‎Mar 26, 2021 06:10 AM

Do the keystore.pfk and the keystore-password change after the initial installation.

Hello all, 

 

We are running TWX 8.4 on a Kubernetes environment. We want to if the following files remain constant after the initial installation? 

  • \\ThingworxPlatform\keystore-password
  • \\ThingworxStorage\keystore.pfx

I am aware that after an application key has been created, it uses the symmetric key stored in \\ThingworxStorage\keystore.pfx. When it uses, does the file get updated?

 

Thanks

 

Labels:
0 Kudos
Notify Moderator
1 ACCEPTED SOLUTION

Accepted Solutions
wcui
14-Alexandrite
14-Alexandrite
(To:saguiarde)
‎Mar 30, 2021 04:12 AM
‎Mar 30, 2021 04:12 AM

Hi Saguiarde

 

Can you give more details aobut initial installation? 

 

Below comment is from ThingWorx 8 help center. It point out clearly that if user need to maintain TW instance, they should keep /ThingworxStorage/keystore.jks and /ThingworxPlatform/keystore-password so created application Keys can be correctly decrpted. On the opposite, if those 2 files do not exist, TW server will create new files with new symmetric key, in this case decryption of existing appliation keys would fail.

 

http://support.ptc.com/help/thingworx_hc/thingworx_8_hc/en/#page/ThingWorx%2FHelp%2FComposer%2FSecurity%2FApplicationKeys%2FApplicationKeys.html

The keyID is stored encrypted in the database. The symmetric key used to encrypt the value is stored in /ThingworxStorage/keystore.jks, and the password for the keystore is stored in /ThingworxPlatform/keystore-password. If these files do not exist, they will be generated. If a symmetric key does not exist, one will be created before the system starts. If you are installing and maintaining the ThingWorx server, make sure to keep these files. If the files are lost, the application keys do no function, meaning the value cannot be encrypted during the system start, and the existing application keys can no longer be saved or authenticated.

 

Let me know if above answer your question or not.

View solution in original post

Notify Moderator
1 REPLY 1
wcui
14-Alexandrite
14-Alexandrite
(To:saguiarde)
‎Mar 30, 2021 04:12 AM
‎Mar 30, 2021 04:12 AM

Hi Saguiarde

 

Can you give more details aobut initial installation? 

 

Below comment is from ThingWorx 8 help center. It point out clearly that if user need to maintain TW instance, they should keep /ThingworxStorage/keystore.jks and /ThingworxPlatform/keystore-password so created application Keys can be correctly decrpted. On the opposite, if those 2 files do not exist, TW server will create new files with new symmetric key, in this case decryption of existing appliation keys would fail.

 

http://support.ptc.com/help/thingworx_hc/thingworx_8_hc/en/#page/ThingWorx%2FHelp%2FComposer%2FSecurity%2FApplicationKeys%2FApplicationKeys.html

The keyID is stored encrypted in the database. The symmetric key used to encrypt the value is stored in /ThingworxStorage/keystore.jks, and the password for the keystore is stored in /ThingworxPlatform/keystore-password. If these files do not exist, they will be generated. If a symmetric key does not exist, one will be created before the system starts. If you are installing and maintaining the ThingWorx server, make sure to keep these files. If the files are lost, the application keys do no function, meaning the value cannot be encrypted during the system start, and the existing application keys can no longer be saved or authenticated.

 

Let me know if above answer your question or not.

Notify Moderator
Top Tags