

Run the migratekeystore Tool

This procedure accomplishes two tasks:

Note: If you have a clustered Policy Server environment, perform this procedure one time on one system, then copy the entire smkeydatabase directory to the other machines in the cluster.

To migrate the AM.keystore and update existing smkeydatabase certificates

  1. Back up your existing databases.
  2. Open a command window.
  3. Copy the AM.keystore file from the machine where the Web Agent Option Pack is installed and place the file on the machine with the Policy Server installed.

    Important! If you are only updating certificates in an existing smkeydatabase, skip to Step 4.

    The location of the AM.keystore is:

    web_agent_home/affwebservices/AM.keystore

    Copy the file to:

    policy_server_home/siteminder/smkeydatabase

    If the smkeydatabase does not exist, create a database using the smkeytool -createDatabase command.

  4. Enter one of the following commands to complete the migration and update:

    Windows:

    migratekeystore.bat java_keystore_location java_keystore_password

    UNIX:

    migratekeystore.sh java_keystore_location java_keystore_password

    java_keystore_location

    location of the am.keystore file

    java_keystore_password

    password to access the contents of the am.keystore file. Passwords are shown in clear text.

As the tool processes the command, you are prompted to answer a series of questions about the data you want to copy. After answering the questions, the data is copied and the smkeydatabase is updated.

Note: Any migrated data will be encrypted using FIPS-compliant algorithms.
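
The UNIX steps above as a script (an added example, not code from the product or its vendor): stage_keystore covers Steps 1 and 3, and run_migration covers Step 4 while keeping the password out of the typed command. It assumes migratekeystore.sh is on the PATH, that the backup directory is one you choose, and that you run it as the account that owns the smkeydatabase; both function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: stage AM.keystore and run the migration on UNIX.

# stage_keystore WEB_AGENT_HOME POLICY_SERVER_HOME BACKUP_DIR
# Steps 1 and 3: back up smkeydatabase, then copy AM.keystore into it.
# Prints the staged keystore path on success.
stage_keystore() {
    local src="$1/affwebservices/AM.keystore"
    local db="$2/siteminder/smkeydatabase"
    local backup_dir="$3"
    [ -f "$src" ] || { echo "AM.keystore not found: $src" >&2; return 1; }
    # The procedure says a missing database is created with smkeytool.
    [ -d "$db" ] || { echo "missing $db; run smkeytool -createDatabase first" >&2; return 2; }
    local archive="$backup_dir/smkeydatabase-$(date +%Y%m%d%H%M%S).tar"
    ( umask 077   # backup and copy hold key material: owner-only
      mkdir -p "$backup_dir" &&
      tar -cf "$archive" -C "$2/siteminder" smkeydatabase &&
      cp "$src" "$db/AM.keystore" ) || return 3
    # Assumption: the invoking account is the one the Policy Server runs as.
    chmod 600 "$db/AM.keystore"
    echo "$db/AM.keystore"
}

# run_migration KEYSTORE_PATH
# Step 4: the tool takes the password as an argument, so prompt for it
# without echo to keep it out of the typed command and the shell history.
# It is still visible in the process list while the tool runs.
run_migration() {
    local pw
    read -r -s -p "Keystore password: " pw; echo
    migratekeystore.sh "$1" "$pw"   # assumption: tool is on the PATH
    local rc=$?
    unset pw
    return $rc
}

# Usage (paths are placeholders):
#   ks=$(stage_keystore /path/to/web_agent_home /path/to/policy_server_home /path/to/backups) \
#     && run_migration "$ks"
```

The tool still asks its interactive questions after run_migration starts it, so run the script from a terminal.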