This documentation is for WSO2 Enterprise Integrator version 6.2.0 . View documentation for the latest release in the 6.x.x family and the latest release in the 7.x.x family.

All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Create a backup of the databases in your WSO2 EI 6.1.1 instance.
  • Copy the <EI_6.1.1_HOME> directory to back up the product configurations.
  • Go to the WSO2 Integration product page, click Download → Previous Releases. You can now download WSO2 EI 6.2.0

    from http://wso2.com/integration

    version.

    Tip

    Note that there are several options for installing the product.

Info

The downtime is limited to the time taken for switching databases in the production environment.

...

  • To re-encrypt all internally-encrypted data using OAEP:

    1. Get the latest WUM updates (later than the update level released on 18/04/2018) for your WSO2 EI 6.1.1. This will give you a new WSO2 EI distribution with the latest updates.

    2. Connect the WUM-updated WSO2 EI distribution to your existing databases (which are used for registry data, and user management data) by applying the following configurations:

      Panel
      borderColor#542989
      bgColor#ffffff
      borderWidth1
      Expand
      titleConnecting to the database
      1. Open the master-datasources.xml file (stored in the <WUM_UPDATED_EI_6.1.1_HOME>/conf/datasources/ directory) and update the parameters given below.

        Tip

        By default, registry and user management data are stored in one database and is configured in the master-datasources.xml file. If you have separate databases for registry and user management data, you may have separate datasource configurations.

        ElementDescription
        urlThe URL of the database.
        username and passwordThe name and password of the database user.
        driverClassNameThe class name of the database driver.
      2. Open the registry.xml file (stored in the <WUM_UPDATED_EI_6.1.1_HOME>/conf directory) and specify the datasource name (as defined in step a).

        Code Block
        <dbConfig name="wso2registry">    
            <dataSource>jdbc/MY_DATASOURCE_NAME</dataSource>
        </dbConfig>
      3. If a JDBC user store is used in your ESB, open the user-mgt.xml file (stored in the <WUM_UPDATED_EI_6.1.1_HOME>/conf/ directory), and update the following database connection parameters under the <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"> section.

        ElementDescription
        urlThe URL of the database.
        username and passwordThe name and password of the database user.
        driverClassNameThe class name of the database driver.

        Further, update the system administrator configurations and the datasource name in the user-mgt.xml file.

      4. Encrypt the plain text passwords that you added to the configuration files (master-datasources.xml, user-mgt.xml, etc.).

    3. Be sure that the carbon.properties file is included in the <WUM_UPDATED_EI_6.1.1_HOME>/conf/ directory with the following parameter:

      Code Block
      org.wso2.CipherTransformation=RSA/ECB/OAEPwithSHA1andMGF1Padding
    4. Start the WUM-updated ESB server of WSO2 EI 6.1. This will re-encrypt the data in the databases.
  • To re-encrypt plain text strings using OAEP:
    1. Connect the ESB profile of WSO2 EI 6.2.0 to your existing databases by applying the following configurationsdatabases (which are used for registry data, and user management data):

      Panel
      borderColor#542989
      bgColor#ffffff
      borderWidth1
      Expand
      titleConnecting to the database
      1. Open the master-datasources.xml file (stored in the <EI_HOME>/conf/datasources/ directory) and update the parameters given below.

        Tip

        By default, registry and user management data are stored in one database and is configured in the master-datasources.xml file. If you have separate databases for registry and user management data, you may need separate datasource configurations.

        ElementDescription
        urlThe URL of the database.
        username and passwordThe name and password of the database user.
        driverClassNameThe class name of the database driver.
      2. Open the registry.xml file (stored in the <EI_HOME>/conf directory) and specify the datasource name (as defined in step a).

        Code Block
        <dbConfig name="wso2registry">    
            <dataSource>jdbc/MY_DATASOURCE_NAME</dataSource>
        </dbConfig>
      3. If a JDBC user store is used, open the user-mgt.xml file (stored in the <EI_HOME>/conf/ directory), and update the following database connection parameters under the <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"> section.

        ElementDescription
        urlThe URL of the database.
        username and passwordThe name and password of the database user.
        driverClassNameThe class name of the database driver.

        Further, update the system administrator configurations and the datasource name in the user-mgt.xml file.

    2. Anchor
      keystore_migration
      keystore_migration
      The keystores for WSO2 EI 6.2.0 need to be setup and configured in order to perform this data re-encryption. 
      1. Migrate the keystores and truststores from WSO2 EI 6.1.1 to WSO2 EI 6.2.0 by copying the files from the <EI_6.1.1_HOME>/repository/resources/security directory to the same directory in WSO2 EI 6.2.0.
      2. Open the carbon.xml file (stored in the <EI_HOME>/conf/ directory), and update the details of the keystore used for data encryption. See Configuring Keystores in WSO2 Products for more information.

        Panel
        borderColor#542989
        bgColor#ffffff
        borderWidth1
        Expand
        titleUsing a common keystore for data encryption and SSL signing?

        Update the following configuration element:

        Code Block
        <KeyStore>    
            <Location>${carbon.home}/resources/security/wso2carbon.jks</Location>
            <Type>JKS</Type>
            <Password>wso2carbon</Password>
            <KeyAlias>wso2carbon</KeyAlias>
            <KeyPassword>wso2carbon</KeyPassword>
        </KeyStore>
          
        <TrustStore>
            <!-- trust-store file location -->
            <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
            <!-- trust-store type (JKS/PKCS12 etc.) -->
            <Type>JKS</Type> 
            <!-- trust-store password -->
            <Password>wso2carbon</Password>
        </TrustStore>
        Expand
        titleUsing a separate keystore exclusively for data encryption?

        Note that this feature is available as an update for WSO2 EI 6.2.0 . See as explained Configuring Keystores in WSO2 Products for more information.

        Add the following configuration element under <Security> in the carbon.xml file, and update the values:

        Code Block
        <InternalKeyStore>  <Location>${carbon.home}/repository/resources/security/internal.jks</Location>
          <Type>JKS</Type>
          <Password>wso2carbon</Password>
          <KeyAlias>wso2carbon</KeyAlias>
          <KeyPassword>wso2carbon</KeyPassword>
        </InternalKeyStore>
    3. Create the <EI_HOME>/migration/ directory, copy the migration-conf.properties file, and update the following values:

      keystore.identity.locationThe location of the keystore that is used for data encryption in the WSO2 EI 6.2.0. By default, this is <EI_HOME>/repository/resources/security/wso2carbon.jks.
      keystore.identity.key.passwordThe key password of the default keystore. By default, this is wso2carbon.
      admin.user.nameThe user name of the system administrator.
    4. Copy the migration JAR file to the <EI_HOME>/dropins/ directory.
    5. Start the ESB profile of WSO2 EI 6.2.0:

      1. Open a terminal and navigate to the <EI_HOME>/bin/ directory.

      2. Execute the product start up script with the '-Dmigrate' command as shown below.

        Panel
        borderColor#542989
        bgColor#ffffff
        borderWidth1
        Localtab Group
        Localtab
        titleOn MacOS/Linux/CentOS

        Open a terminal and execute the following command:

        Code Block
        sh integrator.sh -Dmigrate
        Localtab
        titleOn Windows

        Open a terminal and execute the following command:

        Code Block
        integrator.bat -Dmigrate

       The relevant data is now re-encrypted.

    6. Once the migration is successful, stop the server and delete the migration JAR (org.wso2.carbon.ei.migration-6.2.0.jar) from the <EI_HOME>/dropins/ directory.

...