Patrick-Dussault

Tech Tip : CA Single Sign-On : smkeyexport clear text not working

Discussion created by Patrick-Dussault Employee on Oct 3, 2018

Issue:

 

We are running the following command to export the Key Store keys :

smkeyexport -okeyexport.smdif -dsiteminder -wpassword -c -v -t

but in the keyexport.smdif file, we still see the keys with the mark {RC2}
which means that they are still encrypted.

 

So when we try to import those keys when running smkeyimport, we get
the error :

 

Cleartext import specified yet KeyManagement key is already
encrypted in import file. Skipping encrypt. Continuing..

 

How can we fix this ? 

 

Environment

 

Policy Server 12.51CR01 on Windows 2008R2; 

Policy Server JDK 1.6.0_45 32bit;

 

Cause:

 

This is a known issue by Policy Server 12.51CR01. And it is fixed on
Policy Server 12.51CR02 as per readme :

Policy Server 12.51 CR02

177001, 182980 During the data export, smkeyexport and the -k and -c
options of smobjexport do not decrypt the keys.

ps-12.51-cr08-readme.txt

 

Resolution:

 

Apply at least the 12.51CR02 or higher on the Policy Server 12.51CR01 to fix this issue.

 

KB : KB000116828

Outcomes