Rate this Content

0 Rates
0 %

How to change the password of the SSM key store in SAServer / ID Confirm 1000

Applies to

SA Server, ID Confirm 1000


In SSM (Software Security Module) mode, SAServer stores its keys in a java key store located by default in


Before doing any modifications, please shutdown SA Server.

In order to change the keystore's default password, please launch, in a command window, the keytool.exe in


as described below:

keytool -storepasswd -storetype JCEKS -keystore ..\AuthenticationSever\webapps\saserver\WEB-INF\classes\sas_config\protiva.keystore

Enter keystore password:  protiva
New keystore password:  new-password
Re-enter new keystore password:  new-password

Once done , the new password has also to be propagated to all keys in the keystore.

Please enter this commad below in order to see all keys and their alias:

keytool -list -storetype JCEKS -keystore ..\AuthenticationSever\webapps\saserver\WEB-INF\classes\sas_config\protiva.keystore -storepass newpasswd

Then , change the password for all keys with this command (for example for the key sas-hotp-tk):

keytool -keypasswd -keystore ..\..\AuthenticationServer\webapps\saserver\WEB-INF\classes\sas_config\protiva.keystore -storetype JCEKS  -storepass newpassword -keypass protiva -new newpassword  -alias sas-hotp-tk

Warning: The password for the keystore and for all keys in the keystore must be the same !!!

In the directory


change the password in the file SKOATH.conf (or in the file SKCAP.conf  if you use CAP):

master_key_password= new-password

Restart SA Server

More information

With this tool, you can manipulate the keystore for example by listing all keys, adding new ones,...

No comments
Add comment

* - required field


CAPTCHA image for SPAM prevention If you can't read the word, click here.


Latest updated pages