Symantec Access Management

Tech Tip : CA Single Sign-On : smkeyexport clear text not working

  • 1.  Tech Tip : CA Single Sign-On : smkeyexport clear text not working

    Broadcom Employee
    Posted 10-03-2018 10:15 AM

    Issue:

     

    We are running the following command to export the Key Store keys :

    smkeyexport -okeyexport.smdif -dsiteminder -wpassword -c -v -t

    but in the keyexport.smdif file, we still see the keys with the mark {RC2}
    which means that they are still encrypted.

     

    So when we try to import those keys when running smkeyimport, we get
    the error :

     

    Cleartext import specified yet KeyManagement key is already
    encrypted in import file. Skipping encrypt. Continuing..

     

    How can we fix this ? 

     

    Environment

     

    Policy Server 12.51CR01 on Windows 2008R2; 

    Policy Server JDK 1.6.0_45 32bit;

     

    Cause:

     

    This is a known issue by Policy Server 12.51CR01. And it is fixed on
    Policy Server 12.51CR02 as per readme :

    Policy Server 12.51 CR02

    177001, 182980 During the data export, smkeyexport and the -k and -c
    options of smobjexport do not decrypt the keys.

    ps-12.51-cr08-readme.txt

     

    Resolution:

     

    Apply at least the 12.51CR02 or higher on the Policy Server 12.51CR01 to fix this issue.

     

    KB : KB000116828