

Reset the r6.x Policy Store Encryption Key

To reset the r6.x policy store encryption key

  1. Log into a Policy Server host system.
  2. Run the following command:
    smobjexport -dsiteminder_administrator -wpassword -ofile_name -c
    
    -dsiteminder_administrator

    Specifies the name of the CA SiteMinder® administrator account.

    Note: This administrator must be able to manage all CA SiteMinder® domain objects.

    -wpassword

    Specifies the password of the CA SiteMinder® administrator account.

    -ofile_name

    Specifies the following:

    • The path to the output location
    • The name of the smdif file that the utility creates

    Note: If this argument is not specified, the default output file names are stdout.smdif and stdout.cfg.

    -c

    Exports sensitive data as clear-text.

    The utility exports the policy store data into the smdif file.

  3. Be sure that the smreg utility is located in policy_server_home\bin.
    policy_server_home

    Specifies the Policy Server installation path.

    Note: If the utility is not present, you can find the utility in the Policy Server installation media, which is available on the Support site.

  4. Run the following command:
    smreg -key encryption_key
    
    encryption_key

    Specifies the new encryption key.

    Limits: 6 to 24 characters.

    The policy store encryption key is changed.

  5. Start the Policy Server Management Console and open the Data tab.
  6. Re-enter the policy store administrator password and click Update.

    The administrator password is re-encrypted using the new encryption key.

  7. Run the following command:
    smreg -su password
    
    password

    Specifies the CA SiteMinder® super user password.

    The super user password is set and encrypted using the new encryption key.

  8. Run the following command:
    smobjimport -dsiteminder_administrator -wpassword -ifile_name -r -f -c
    
    -dsiteminder_administrator

    Specifies the name of the CA SiteMinder® administrator account.

    Note: This administrator must be able to manage all CA SiteMinder® domain objects.

    -wpassword

    Specifies the password of the CA SiteMinder® administrator account.

    -ifile_name

    Specifies the following:

    • The path to the smdif file
    • The name of the smdif file

    Note: If this argument is not specified, the default input file names are stdout.smdif and stdout.cfg.

    -r

    Specifies that duplicate policy store information can be overwritten during the import.

    -f

    Turns off automatic renaming of objects. By default, when the utility attempts to import an object with a name that exists in the target policy store, the utility creates a duplicate object. The name of the object is nameoid.

    name

    Specifies the name of the object.

    oid

    Specifies the object ID of the new duplicate object.

    The utility returns error messages for any objects that could not be created because of naming conflicts.

    -c

    Indicates that the input file contains sensitive data in clear-text.

  9. Run the following command:
    smreg -su password
    
    password

    Specifies the CA SiteMinder® super user password.

    The super user password is set.

    The policy store encryption key is reset.
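
Because steps 2 and 8 both use -c, the smdif file holds sensitive data in clear-text from the export until the import is finished. The following added example (not part of the CA documentation) shows shell helpers that check the key length limit from step 4, keep the export in an owner-only directory, and remove it afterwards. It assumes a UNIX Policy Server host with a POSIX shell; the function names and the store.smdif file name are hypothetical.

```shell
# Added example, not CA code. Assumes a UNIX Policy Server host and a POSIX shell.
# Function names and the store.smdif file name are hypothetical.

# Step 4 limit from the page: the new key must be 6 to 24 characters.
key_length_ok() {
    len=${#1}
    [ "$len" -ge 6 ] && [ "$len" -le 24 ]
}

# Create an owner-only directory to hold the smdif and cfg files that
# smobjexport -c writes, and print its path.
make_export_dir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/smrekey.XXXXXX" )
}

# Succeed only if the path exists and grants nothing to group or other.
export_is_private() {
    [ -e "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Remove the clear-text export; refuses paths that do not match smrekey.*.
discard_export() {
    case "$1" in
        */smrekey.*) rm -rf -- "$1" ;;
        *) return 1 ;;
    esac
}

# Where the helpers fit around the page's steps (placeholders as on the page):
#   key_length_ok "$new_key" || exit 1                      # before step 4
#   dir=$(make_export_dir); export_is_private "$dir" || exit 1
#   smobjexport -dsiteminder_administrator -wpassword -o"$dir/store.smdif" -c
#   ... steps 3 to 7 ...
#   export_is_private "$dir" || exit 1                      # before step 8
#   smobjimport -dsiteminder_administrator -wpassword -i"$dir/store.smdif" -r -f -c
#   ... step 9 ...
#   discard_export "$dir"
```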