You are here

Keystore configuration

You can configure the main and backup keystores using the file.
To configure the main keystore, set the following properties in the file:
Property Description with example
encryption.keystore.location Specifies the location of the main keystore.


encryption.keystore.keyMetaData.location Specifies the location of the main keystore's metadata file.


encryption.keystore.provider Specifies the main keystore provider.
encryption.keystore.type Specifies the main keystore type.


encryption.keystore.backup.location Specifies the location of the backup keystore.


encryption.keystore.backup.keyMetaData.location Specifies the location of the backup keystore's metadata file.


encryption.keystore.backup.provider Specifies the backup keystore provider.
encryption.keystore.backup.type Specifies the backup keystore type.


Some other general encryption properties are:

Because of these encryption properties, the keystores and metadata files can be easily located. Also, the metadata file uses a clear text password to access the keystore. For this reason, appropriate operating system permissions should be applied so that the files cannot be accidentally changed nor read by anyone other than an administrator and the username running the repository.

Each keystore must have a corresponding keystore metadata file. This file contains the passwords, its keys, and other metadata relevant to the keystore. The metadata file must contain three entries:
  • aliases=<active key aliases in the key store>
  • keystore.password=<key store password>
  • metadata.password=<metadata key password>

At bootstrap, the repository checks if the metadata key in the main keystore has been changed (unless running in the fallback mode, in which case the backup keystore is checked instead). This prevents accidental changes to the keystore. If it detects that the metadata key has been changed, an exception will occur and the bootstrap will stop.

Sending feedback to the Alfresco documentation team

You don't appear to have JavaScript enabled in your browser. With JavaScript enabled, you can provide feedback to us using our simple form. Here are some instructions on how to enable JavaScript in your web browser.