diff --git a/client/tomcatconf/db.properties.in b/client/tomcatconf/db.properties.in
index b224cec9700..8f6980b7db1 100644
--- a/client/tomcatconf/db.properties.in
+++ b/client/tomcatconf/db.properties.in
@@ -46,6 +46,7 @@ db.cloud.keyStore=
 db.cloud.keyStorePassword=
 db.cloud.trustStore=
 db.cloud.trustStorePassword=
+db.cloud.keyStorePassphrase=vmops.com
 
 # Encryption Settings
 db.cloud.encryption.type=none
diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
index 81d623aabb6..7af4c7b2de3 100644
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxySecureServerFactoryImpl.java
@@ -21,6 +21,7 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.security.KeyStore;
+import java.util.Properties;
 
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
@@ -31,6 +32,7 @@ import javax.net.ssl.TrustManagerFactory;
 
 import org.apache.log4j.Logger;
 
+import com.cloud.utils.db.DbProperties;
 import com.sun.net.httpserver.HttpServer;
 import com.sun.net.httpserver.HttpsConfigurator;
 import com.sun.net.httpserver.HttpsParameters;
@@ -52,7 +54,8 @@ public class ConsoleProxySecureServerFactoryImpl implements ConsoleProxyServerFa
         try {
             s_logger.info("Initializing SSL from built-in default certificate");
-            char[] passphrase = "vmops.com".toCharArray();
+            final Properties dbProps = DbProperties.getDbProperties();
+            char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
 
             KeyStore ks = KeyStore.getInstance("JKS");
             ks.load(new FileInputStream("certs/realhostip.keystore"), passphrase);
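Review bot: The template now ships `db.cloud.keyStorePassphrase=vmops.com` in clear text directly under `db.cloud.keyStorePassword=`, which stays empty, and nothing in the file tells an operator which of the two protects which store; a comment on the new line would avoid the wrong one being filled in, e.g. `# Passphrase of the JKS keystore used for console-proxy / agent SSL; cloud-setup-encryption -p rewrites this value`. Since the Java readers added in this commit pass the property straight to `KeyStore.load`, the shipped default is a placeholder to be replaced during setup rather than a working secret, and the comment should say so.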
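Review bot: The new line `dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray()` dereferences the lookup result unguarded, so a db.properties that predates this commit (or has the key removed) fails with a NullPointerException at `toCharArray()` instead of the keystore error the surrounding try block is written to report; the identical pattern is added in utils/src/com/cloud/utils/nio/Link.java. The value is also what cloud-setup-encryption.in now stores via `encryptKeyStorePassphrase()`, i.e. as `formatEncryptResult(encrypt(...))`, so this read only yields the real passphrase if `DbProperties.getDbProperties()` decrypts that property before returning it — not visible in this diff and worth confirming. A guarded read keeps the failure actionable: `final String ksPass = dbProps.getProperty("db.cloud.keyStorePassphrase"); if (ksPass == null) throw new IllegalStateException("db.cloud.keyStorePassphrase is not set in db.properties");` followed by `char[] passphrase = ksPass.toCharArray();`. The enclosing method starts and ends outside the hunk.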
diff --git a/setup/bindir/cloud-setup-encryption.in b/setup/bindir/cloud-setup-encryption.in
index cf27b37103c..35a1737e54f 100755
--- a/setup/bindir/cloud-setup-encryption.in
+++ b/setup/bindir/cloud-setup-encryption.in
@@ -58,6 +58,7 @@ class DBDeployer(object):
     isDebug = False
     mgmtsecretkey = None
     dbsecretkey = None
+    keyStorePassphrase = "vmops.com"
     encryptiontype = None
     dbConfPath = r"@MSCONF@"
     dbDotProperties = {}
@@ -196,6 +197,9 @@ for example:
         def encryptDBSecretKey():
             self.putDbProperty('db.cloud.encrypt.secret', formatEncryptResult(encrypt(self.dbsecretkey)))
+
+        def encryptKeyStorePassphrase():
+            self.putDbProperty('db.cloud.keyStorePassphrase', formatEncryptResult(encrypt(self.keyStorePassphrase)))
 
         def encryptDBPassword():
             dbPassword = self.getDbProperty('db.cloud.password')
@@ -212,6 +216,7 @@ for example:
         self.putDbProperty("db.cloud.encryption.type", self.encryptiontype)
         saveMgmtServerSecretKey()
         encryptDBSecretKey()
+        encryptKeyStorePassphrase()
         encryptDBPassword()
 
         self.info(None, True)
@@ -220,6 +225,7 @@ for example:
         self.encryptiontype = self.options.encryptiontype
         self.mgmtsecretkey = self.options.mgmtsecretkey
         self.dbsecretkey = self.options.dbsecretkey
+        self.keyStorePassphrase = self.options.keyStorePassphrase
         self.isDebug = self.options.debug
 
 
@@ -242,6 +248,8 @@ for example:
                                help="Secret key used to encrypt confidential parameters in db.properties. A string, default is password")
         self.parser.add_option("-k", "--database-secretkey", action="store", type="string", dest="dbsecretkey", default="password",
                                help="Secret key used to encrypt sensitive database values. A string, default is password")
+        self.parser.add_option("-p", "--keystore-passphrase", action="store", type="string", dest="keyStorePassphrase", default="vmops.com",
+                               help="Passphrase used while generating jks file for ssl communication. A string, default is vmops.com")
         (self.options, self.args) = self.parser.parse_args()
         parseOtherOptions()
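Review bot: The new `-p` option defaults to `"vmops.com"` and `encryptKeyStorePassphrase()` is called unconditionally from the encryption step, so re-running the script without `-p` overwrites whatever `db.cloud.keyStorePassphrase` already held with that literal; because the Java readers in this commit load `cloud.keystore` / `certs/realhostip.keystore` with exactly this value, a keystore created under a different passphrase could stop loading after such a run. Falling back to the existing value keeps re-runs idempotent: `default=None` on the option, and where the options are copied onto `self`, `self.keyStorePassphrase = self.options.keyStorePassphrase or self.getDbProperty('db.cloud.keyStorePassphrase')`. Whether `getDbProperty` returns the clear or the already-encrypted form on a second run is not visible here and should be checked against how `encryptDBPassword()` treats the existing `db.cloud.password`. The enclosing methods start and end outside these hunks.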
diff --git a/utils/src/com/cloud/utils/nio/Link.java b/utils/src/com/cloud/utils/nio/Link.java
index 0767815a1e9..39ca1d8bee3 100755
--- a/utils/src/com/cloud/utils/nio/Link.java
+++ b/utils/src/com/cloud/utils/nio/Link.java
@@ -32,6 +32,7 @@ import java.nio.channels.ReadableByteChannel;
 import java.nio.channels.SelectionKey;
 import java.nio.channels.SocketChannel;
 import java.security.KeyStore;
+import java.util.Properties;
 import java.util.concurrent.ConcurrentLinkedQueue;
 
 import javax.net.ssl.KeyManagerFactory;
@@ -46,6 +47,7 @@ import javax.net.ssl.TrustManagerFactory;
 import org.apache.log4j.Logger;
 
 import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.db.DbProperties;
 
 /**
  */
@@ -412,7 +414,8 @@ public class Link {
         File confFile = PropertiesUtil.findConfigFile("db.properties");
         if (null != confFile && !isClient) {
-            char[] passphrase = "vmops.com".toCharArray();
+            final Properties dbProps = DbProperties.getDbProperties();
+            char[] passphrase = dbProps.getProperty("db.cloud.keyStorePassphrase").toCharArray();
             String confPath = confFile.getParent();
             String keystorePath = confPath + "/cloud.keystore";
             if (new File(keystorePath).exists()) {