Federation Security Services Guide › Signing and Encrypting Messages to Secure Federated Transactions › Migrate AM.keystore and Update smkeydatabase

Migrate AM.keystore and Update smkeydatabase

Prior to SiteMinder 6.0 SP 5/6.x QMR 5, SiteMinder had the following PKI infrastructure:

• AM.keystore

  This store resided on the Web Agent at the relying party. The AM.keystore held Certificate Authority (CA) certificates and client certificates.

• smkeydatabase

  This store resided on the asserting and relying party Policy Server systems. The certificates in this key database did not have corresponding aliases.

Beginning with SiteMinder 6.0 SP 5/6.x QMR 5, all data currently stored in the AM.keystore is now stored in the smkeydatabase at the relying party. Additionally, all certificates must have aliases.

If you are upgrading from versions prior to 6.0 SP 5/6.x QMR 5, you must do the following:

1. Copy private keys and certificates from the AM.keystore to the smkeydatabase on the relying party Policy Server.
2. Migrate an existing smkeydatabase so aliases can be added to the certificates in the database.

The migratekeystore utility enables you to perform these tasks.

The following picture shows the changes in the PKI infrastructure.

More Information:

Run the migratekeystore Tool