Tech Tip : CA Single Sign-On : smkeyexport clear text not working

Discussion created by Patrick-Dussault Employee on Oct 3, 2018



We are running the following command to export the Key Store keys :

smkeyexport -okeyexport.smdif -dsiteminder -wpassword -c -v -t

but in the keyexport.smdif file, we still see the keys with the mark {RC2}
which means that they are still encrypted.


So when we try to import those keys when running smkeyimport, we get
the error :


Cleartext import specified yet KeyManagement key is already
encrypted in import file. Skipping encrypt. Continuing..


How can we fix this ? 




Policy Server 12.51CR01 on Windows 2008R2; 

Policy Server JDK 1.6.0_45 32bit;




This is a known issue by Policy Server 12.51CR01. And it is fixed on
Policy Server 12.51CR02 as per readme :

Policy Server 12.51 CR02

177001, 182980 During the data export, smkeyexport and the -k and -c
options of smobjexport do not decrypt the keys.





Apply at least the 12.51CR02 or higher on the Policy Server 12.51CR01 to fix this issue.


KB : KB000116828