Data Protection Central 19.8 and later: Re-create Lockbox

Use the following procedure to re-create the lockbox on DPC 19.8 and later:

1. Download the attached .zip file dpc_recreatelockbox_pkb.zip, from this article. (The attached file is available only in the English version of this article)

   • Place the .zip file on the DPC server, in the /var/tmp directory.
   • Extract this file with the following command:

     unzip dpc_recreatelockbox_pbk.zip

   • This puts a file called dpc_recreatelockbox_pbk.sh in that directory. Add the permission to that file with the following command:

     chmod +x dpc_recreatelockbox_pbk.sh

2. When you run the dpc-recraeatelockbox_pbk.sh script, it asks you for the DPC UI password. Input the current DPC UI password, or the Integrated Data Protection Appliance common password

   • This is the new password for administartor@dpc.local, and kcadmin users, and the new lockbox password.

3. If this is DPC versions 19.9 or 19.10, or Integrated Data Protection Appliance versions 2.7.6, set the JAVA_HOME to the correct setting.

   • Check the JAVA_HOME path with the following command:

     echo $JAVA_HOME

     • /usr/lib64/jvm/jre-11-openjdk is the expected output. If the output is, /usr/lib64/jvm/jre-openjdk then set the JAVA_HOME variable.
     • Check the /etc/environment file to see if the following line is there. If it is, then source the file, if it is not then add it to the file, then source it.

       JAVA_HOME=/usr/lib64/jvm/jre-11-openjdk

   • Source the file with the following command:

     source /etc/environment

4. When this script is running, you may see the following warnings or errors. These are expected and can be ignored:

   rm: cannot remove '/data01/docker/volumes/keycloak-postgres-db/_data/.com.rsa.cryptoj.fips140.katstatus.properties': No such file or directory
   
   WARNING: An illegal reflective access operation has occurred
   WARNING: Illegal reflective access by com.rsa.cryptoj.o.lc$3 (file:/usr/local/dpc/lib/iam/lib/cryptojcommon-6.2.5.jar) to method sun.security.internal.spec.TlsKeyMaterialParameterSpec.getMasterSecret()
   WARNING: Please consider reporting this to the maintainers of com.rsa.cryptoj.o.lc$3
   WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
   WARNING: All illegal access operations will be denied in a future release

5. As the root user, run the script from the /var/tmp directory with the following command:

   ./dpc_recreatelockbox_pbk.sh

6. Once the script finishes, there are required steps that you have to run in the DPC UI.

   1. Log in to the DPC UI with administrator@dpc.local user and the new password you put in.
   2. Go to the System Management tab and for each system in this tab, click the checkbox net to it and then click Edit.
      
   3. Input the username and password. Confirm the password and then click the NEXT button.
   4. On the next screen, click the SAVE button.
      
   5. In the DPC UI, go to Administration > Identity Sources, and edit the LDAP/AD username and password. Click Save.