Hi Pankaj,
It's good to hear that the issue has been resolved.
Did you get a chance to look at the reason behind the issue which you faced earlier?
Are you sure that you are not facing any issues by changing the encryption key without exporting/taking a backup of the Key Store? Have you tried restarting the policy server once? Because sensitive information in the key store will be encrypted using the key store key (in most cases, we will be using the policy store key, i.e., the encryption key, for this purpose as well; not sure about your implementation).
Even if you are using a separate key store key, that will in turn be encrypted using the policy store key, i.e., the encryption key only, while storing in the registry. So, as per my knowledge, if the encryption key has been changed, the policy server should not be able to decrypt any existing keys. Also, it should not even be able to connect to the policy store and key store (hoping smconsole is not updated).
As per my knowledge, below is the best approach for updating the encryption key:
- Export of policy store data using XPSExport
- Export of key store data using smkeyexport
- Change of encryption key using smreg command. Update of policy store and key store credentials in policy server management console.
  Note: The encryption key will be used by the policy server to encrypt and decrypt "sensitive" information that is entered in the SiteMinder Policy Server Management Console. Encrypted data will be stored in the local policy server registry.
- Import of policy store data using XPSImport
- Import of key store data using smkeyimport
Thanks,
Dhilip