Policy Server Guides › Policy Server Administration Guide › Configuring and Managing Encryption Keys › Reset the r6.x Policy Store Encryption Key

Reset the r6.x Policy Store Encryption Key

To reset the r6.x policy store encryption key

1. Log into a Policy Server host system.
2. Run the following command:

   smobjexport -dsiteminder_administrator -wpassword -ofile_name -c
   

   • -dsiteminder_administrator

     Specifies the name of the SiteMinder administrator account.

     Note: This administrator must be able to manage all SiteMinder domain objects.

   • -wpassword

     Specifies the password of the SiteMinder administrator account.

   • -ofile_name

     Specifies the following:

     • The path to the output location
     • The name of smdif file the utility creates

     Note: If this argument is not specified, the default output file names are stdout.smdif and stdout.cfg.

   • -c

     Exports sensitive data as clear–text.

   The utility exports the policy store data into the smdif file.

3. Be sure that the smreg utility is located in policy_server_home\bin.
   • policy_server_home

     Specifies the Policy Server installation path.

   Note: If the utility is not present, you can find the utility in the Policy Server installation media, which is available on the Support site.

4. Run the following command:

   smreg -key encryption_key
   

   • encryption_key

     Specifies the new encryption key.

     Limits: 6 to 24 characters.

   The policy store encryption key is changed.

5. Start the Policy Server Management Console and open the Data tab.
6. Re–enter the policy store administrator password and click Update.

   The administrator password is re–encrypted using the new encryption key.

7. Run the following command:

   smreg -su password
   

   • password

     Specifies the SiteMinder super user password.

   The super user password is set and encrypted using the new encryption key.

8. Run the following command:

   smobjimport -dsiteminder_administrator -wpassword -ifile_name -r -f -c
   

   • -dsiteminder_administrator

     Specifies the name of the SiteMinder administrator account.

     Note: This administrator must be able to manage all SiteMinder domain objects.

   • -wpassword

     Specifies the password of the SiteMinder administrator account.

   • -ifile_name

     Specifies the following:

     • The path to the smdif file
     • The name of the smdif file name

     Note: If this argument is not specified, the default input file names are stdout.smdif and stdout.cfg.

   • -r

     Specifies that duplicate policy store information can be overwritten during the import.

   • -f

     Turns off automatic renaming of objects. By default, when the utility attempts to import an object with a name that exists in the target policy store, the utility creates a duplicate object. The name of the object is nameoid.

     name

     Specifies the name of the object.

     oid

     Specifies the object ID of the new duplicate object.

     The utility returns errors messages for any objects that could not be created because of naming conflicts.

   • -c

     Indicates that the input file contains sensitive data in clear–text.

9. Run the following command:

   smreg -su password
   

   • password

     Specifies the SiteMinder super user password.

   The super user password is set.

   The policy store encryption key is reset.