Rate this Content

 
 
 
 
 
 
 
Rate
 
 
 
 
 
 
0 Rates
0 %
1
5
0
 

How to change the password of the SSM key store in SAServer / ID Confirm 1000

Applies to

SA Server, ID Confirm 1000

Content

In SSM (Software Security Module) mode, SAServer stores its keys in a java key store located by default in

[SASERVER_HOME]\AuthenticationServer\webapps\saserver\WEB-INF\classes\sas_config\protiva.keystore.

Before doing any modifications, please shutdown SA Server.

In order to change the keystore's default password, please launch, in a command window, the keytool.exe in

[SASERVER_HOME]\jre\bin

as described below:

keytool -storepasswd -storetype JCEKS -keystore ..\AuthenticationSever\webapps\saserver\WEB-INF\classes\sas_config\protiva.keystore

Enter keystore password:  protiva
New keystore password:  new-password
Re-enter new keystore password:  new-password

Once done , the new password has also to be propagated to all keys in the keystore.

Please enter this commad below in order to see all keys and their alias:

keytool -list -storetype JCEKS -keystore ..\AuthenticationSever\webapps\saserver\WEB-INF\classes\sas_config\protiva.keystore -storepass newpasswd

Then , change the password for all keys with this command (for example for the key sas-hotp-tk):

keytool -keypasswd -keystore ..\..\AuthenticationServer\webapps\saserver\WEB-INF\classes\sas_config\protiva.keystore -storetype JCEKS  -storepass newpassword -keypass protiva -new newpassword  -alias sas-hotp-tk

Warning: The password for the keystore and for all keys in the keystore must be the same !!!

In the directory

[SASERVER_HOME]\AuthenticationServer\webapps\saserver\WEB-INF\classes\sas_config\skeng_profiles

change the password in the file SKOATH.conf (or in the file SKCAP.conf  if you use CAP):

master_key_password= new-password

Restart SA Server

More information

With this tool, you can manipulate the keystore for example by listing all keys, adding new ones,...

No comments
Add comment

* - required field

*




CAPTCHA image for SPAM prevention If you can't read the word, click here.

*
*

Latest updated pages