WebSphere Commerce Developer | WebSphere Commerce Version 8.0.3.0 or later

Migrating from Triple DES to AES-128 encryption on Mod Pack 3 or later

Upgrade your default WebSphere Commerce database encryption to a stronger standard to reduce the chances of a successful brute force attack.

Note: This procedure is applicable to WebSphere Commerce Developer environments that are on Mod Pack 3 or later. For WebSphere Commerce Developer environments on Mod Pack 1 or earlier, or WebSphere Commerce runtime environments, see Migrating from Triple DES to AES-128 encryption.

About this task

By default, the WebSphere Commerce database is encrypted by using the Triple Data Encryption Standard (Triple DES) algorithm. This standard was implemented at a time when a smaller cipher size was considered safe. While still considered a relevant industry standard, Triple DES has been superseded by a stronger standard known as Advanced Encryption Standard (AES). As a stronger cipher standard, AES is less susceptible to brute force attacks.

Upgrading to AES-128 is part of updating to NIST SP 800-131A security standards. Consider NIST SP 800-131A for more enhancements to site security. See Updating to NIST SP 800-131A security standards.

Procedure

  1. Stop the WebSphere Commerce Test server.
  2. Go to the WCDE_installdir/bin directory.
  3. (DB2, Oracle, IBM i) Restore the database to the default Apache Derby database by running the following command.
    restoreDefault.bat
  4. Run the following AES migration utility.
    The enableAES utility migrates all necessary files to use AES and then calls the setdbtype command to create a new database. Run the command according to the type of database that you want to use.
    Database type: Apache Derby
    Command: enableAES.bat cloudscape

    Database type: DB2
    Command: enableAES.bat db2 DB2_HOME dbName dbAdminID dbAdminPassword dbUserID dbUserPassword [dbHost dbServerPort dbNode]

    Where

    DB2_HOME
    The root directory of the DB2 or the DB2 client, depending on whether a local or remote database is being configured.

    For example, C:\IBM\SQLLIB.

    dbName
    The name of the database you want to use with WebSphere Commerce Developer. If this is the first time you are switching databases, enter the name you want to give the database that will be created.
    dbAdminID
    The database administrator ID.
    dbAdminPassword
    The database administrator password.
    dbUserID
    The database user ID (schema owner).
    dbUserPassword
    The database user password.
    dbHost
    For remote database only: The fully qualified host name of the database server.
    dbServerPort
    For remote database only: The port number on the database server used for remote connections. The default port is 50000.
    To be sure of using the right port number, follow these steps:
    1. Connect to the remote host if you plan to use a remote DB2 database.
      • Windows: Open a DB2 command line by running the db2cmd program.
      • Linux, AIX: Open a command line terminal.
    2. Issue db2 get dbm cfg and look for the value of SVCENAME on a line similar to the following sample:
      TCP/IP Service name (SVCENAME) = db2c_DB2
      If the value is numeric, then use the numeric value. If the value is not numeric, as in the example that is provided, look for the port value in the following file:
      • Windows: %SystemRoot%\system32\drivers\etc\services, where %SystemRoot% is the folder where Windows is installed
      • Linux, AIX: /etc/services
      Search for db2c_DB2 and find a line similar to the following sample:
      • db2c_DB2 50000/tcp
      In this case, the value for dbServerPort is 50000.
    dbNode
    For remote database only: The node name of the remote database.

    You can choose any name. The name is used as a node name to catalog the remote host.

    Database type: Oracle
    Command: enableAES.bat oracle ORACLE_HOME dbName dbAdminID dbAdminPassword dbUserID dbUserPassword [dbHost dbServerPort]
    Where
    ORACLE_HOME
    The root directory of Oracle or the database client, depending on if you have a local or a remote database.

    For example, C:\ORACLE\ORA12.

    dbName
    The name of the database to use with WebSphere Commerce Developer. If you are using a remote database, this is the name of the database on the remote database server.
    dbAdminID
    The database administrator ID.
    dbAdminPassword
    The database administrator password.
    dbUserID
    The new Oracle user ID created as part of the prerequisites.
    Important: Do not specify a reserved Oracle user ID. Examples of reserved Oracle IDs include SYSTEM and SYS.
    dbUserPassword
    The database user password.
    dbHost
    For remote database only: The fully qualified host name of the database server.
    dbServerPort
    For remote database only: The port number on the database server used for remote connections.
    Database type: iSeries systems
    Command: enableAES.bat iseries dbName dbHost dbUserID dbUserPassword
  5. Start the WebSphere Commerce Test server.
  6. Log on to the Administration Console, where you are prompted to change the password after the first login.

    https://host_name:8002/adminconsole

  7. If you previously published an existing starter store, then reset the stores project by running the following utility.
    • WCDE_installdir/bin/resetstores.bat
    Note: If you run this command, you cannot use the existing stores if you decide to switch back to the Apache Derby database later.
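
The dbServerPort lookup described in step 4 (a numeric SVCENAME is used as-is, otherwise the name is resolved through the services file) can be scripted as shown here. This is an added example, not part of the original IBM procedure; the function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs (not captured from a real system).
SAMPLE_DBM_CFG = """\
 TCP/IP Service name                          (SVCENAME) = db2c_DB2
 Discovery mode                               (DISCOVER) = SEARCH
"""
SAMPLE_SERVICES = """\
# constructed excerpt of a services file
ssh             22/tcp
db2c_DB2        50000/tcp    # DB2 connection service
db2c_DB2        50000/udp
"""

def svcename_from_dbm_cfg(cfg_text):
    """Return the SVCENAME value from `db2 get dbm cfg` output, or None if empty."""
    # [ \t]* (not \s*) so an empty value cannot swallow the next line's first token.
    m = re.search(r"\(SVCENAME\)[ \t]*=[ \t]*(\S*)", cfg_text)
    return m.group(1) if m and m.group(1) else None

def port_from_services(name, services_text):
    """Look up a TCP service name (or alias) in the text of a services file."""
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if proto.lower() == "tcp" and name in [fields[0]] + fields[2:]:
            return int(port)
    return None

def resolve_db_server_port(cfg_text, services_text):
    """Numeric SVCENAME is the port itself; a name is resolved via the services file."""
    svcename = svcename_from_dbm_cfg(cfg_text)
    if svcename is None:
        raise ValueError("SVCENAME is empty or missing in the dbm cfg output")
    if svcename.isdigit():
        port = int(svcename)
    else:
        port = port_from_services(svcename, services_text)
        if port is None:
            raise ValueError(f"service {svcename!r} has no tcp entry in the services file")
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} is out of range")
    return port

if __name__ == "__main__":
    print(resolve_db_server_port(SAMPLE_DBM_CFG, SAMPLE_SERVICES))
```

On a real host, pass the captured output of db2 get dbm cfg and the contents of the services file for that platform in place of the two sample strings.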

What to do next

Manually publish your store. After you publish the store, ensure that you rebuild the search index. For example, to publish the Aurora store, see Publishing the Aurora starter store.