The SAP Mobile Platform (used by both
SAP Mobile Platform Server and Management Cockpit to manage certificates and keys) keystore and truststore
locations are protected by a password. In production environments, the initial keystore
password is set during installation. The keystore password must be the same as all the private
key passwords associated with the aliases in the store.
Prerequisites
Before you begin, back up the contents of
SMP_HOME\Server\configuration\smp_keystore.jks. This is the combined keystore and
truststore for the server.
Task
In production environments, use the keytool utility to change the
passwords for the keystore and truststore.
- Use keytool -storepass and -keypass commands
repeatedly to change the password of the keystore itself, and each of the passwords
for all private keys in the store. Passwords for both must be the same.
- Configure the SAP Mobile Platform configuration to recognize the new
password.
- Encrypt the new password by obtaining the secret key from the
-DsecretKey property in
SMP_HOME\Server\props.ini.
- Run the following the command:
java -jar tools\cipher\CLIEncrypter.jar <secretKey> <newPassword>
where
<secretKey> is the secret key obtained from
props.ini and
<newPassword> is
the new password for the keystore and truststore.
- Open
SMP_HOME\Server\config_master\com.sap.mobile.platform.server.foundation.config.encryption\com.sap.mobile.platform.server.foundation.config.encryption.properties
and update privateKeystorePass to replace the existing
password with the new encrypted password, keeping {enc} as the
prefix.
- Save the changes.
- Restart restart the server for the changes to take effect.