As we know that during SMP3 installation we provide the keystore password to protect SMP3 Keystore and Truststore locations. This Keystore password should be the same as all the private key passwords associated with the all the alias in the Keystore.

All the Keystore and Truststore related information are there in a single file. i.e. smp_keystore.jks (E:\SAP\MobilePlatform3\Server\configuration)

Keystore: The location where encryption keys, digital certificates and other credentials are stored (either encrypted or unencrypted keystore file types) for SAP                 Mobile Platform runtime components.

Truststore: The location where Certificate Authority (CA) signing certificates are stored.

Pre-requisite: Make sure to back-up the same file (C:\SAP\MobilePlatform3\Server\configuration\smp_keystore.jks)

Steps:

1. First change the Keystore password by running the below command

E:\SAP\MobilePlatform3\Server\configuration>keytool -storepasswd -new s4pAdmin -keystore smp_keystore.jks

(Where s4pAdmin is the ‘new password’)

  • At prompt, enter the current password. (for me, it’s s3pAdmin)

          storepasswd1.PNG

       

2. For changing the each of the passwords for all private keys in the Keystore, we need to change it one by one. By default, there are 2 private key alias entries in the SMP Keystore file. i.e. smp_crt and tomcat

     /wp-content/uploads/2014/12/privatekeys_606355.png

2.1 To change the password for alias entry smp_crt, run the below command:

E:\SAP\MobilePlatform3\Server\configuration>keytool -keypasswd -alias smp_crt -new s4pAdmin -keystore smp_keystore.jks

     Keystore password:                        s4pAdmin (new keystore password as per step #1)

     Enter key password for <smp_crt> : s3pAdmin (current password)

 

       smp_crt.PNG

2.2 To change the password for alias entry tomcat, run the below command:

     E:\SAP\MobilePlatform3\Server\configuration>keytool -keypasswd -alias tomcat -new s4pAdmin -keystore smp_keystore.jks

     Keystore password:                      s4pAdmin (new keystore password as per step #1)

     Enter key password for <tomcat> : s3pAdmin (current password)

     tomcat.PNG

3. Now, we need to configure the SMP to recognize the new password:

3.1  We have to encrypt the new password by obtaining the secret key from theDsecretKeyproperty (E:\SAP\MobilePlatform3\Server\props.ini)

         /wp-content/uploads/2014/12/dsecretkey_606395.png

3.2 Run the below command:

               java -jar tools\cipher\CLIEncrypter.jar <secretKey> <newPassword>

E:\SAP\MobilePlatform3\Server>java -jar tools\cipher\CLIEncrypter.jar Vv4bm3LniE s4pAdmin

     /wp-content/uploads/2014/12/dsecretkeycommand_606407.png

3.3 Open com.sap.mobile.platform.server.foundation.config.encryption.properties file available E:\SAP\MobilePlatform3\Server\config_master\com.sap.mobile.platform.server.foundation.config.encryption

  • Here we need to updateprivateKeystorePass to replace the existing password with the new encrypted password, keeping{enc}as the prefix.

         

          /wp-content/uploads/2014/12/privatekeystore_607009.png

  • Save the changes.
  • Restart restart the server for the changes to take effect.



Tips:


To verify if above changes have been reflected, you can use keytool generator KeyStore Explorer to open Keystore file.

(A) . To verify Keystore password:


                      keystoreex1.PNG

    



(B) To verify the password of alias smp_crt and tomcat


  • Open keytool explorer, Right click smp_crt>View Details > Private Key Details >Enter new password


          /wp-content/uploads/2014/12/smp_crt_verify_607007.png



  • If password is wrong, you would see an error message like below:


                   smp_crt_error.PNG 



I hope it helps.


Regards,

JK

(@jkkansal1987)

To report this post you need to login first.

9 Comments

You must be Logged on to comment or reply to a post.

  1. Jacco Raymakers

    Hi JK.

    Im am getting the following error when importing a cerficate in the keystore:

    keytool error: java.io.IOException: Keystore was tampered with, or password was

    incorrect

    So my opinion is that the password is not correct.

    To my opinion the default password is: changeit , but for a reason is not correct.

    So basically I am facing the same problem… but only for the Mobile Runtime Environment.

    Although the paths are different…..can the same procedure be used for changing the password for the keystore of the MBO runtime environment as decribed above?

    Thanks in advance!

    Kind regards,

    Jacco Raymakers

    (0) 
    1. jitendra kansal Post author

      Jacco Raymakers

      Im am getting the following error when importing a cerficate in the keystore:

      keytool error: java.io.IOException: Keystore was tampered with, or password was

      incorrect

      So my opinion is that the password is not correct.

      To my opinion the default password is: changeit , but for a reason is not correct.

      That means you have forgot SMP3 keystore password? I suggest you to open SAP support ticket for the same?

      I haven’t tried with MBO runtime. So not sure if above process will work.

      Regards,

      JK

      (0) 
      1. Jacco Raymakers

        No, I do know the password for the SMP3.0 runtime as I have entered this during installation, but I don’t know the password for the MBO runtime, which is another keystore file located at: E:\SAP\MobilePlatform3\MR30\Servers\UnwiredServer\Repository\Security\keystore.jks

        OK I will open a ticket.

        Thanks!

        Kind Regards,

        Jacco Raymakers

        (0) 
          1. Jacco Raymakers

            Hi Jitendra,

            I the end, yes. I opened a ticket and SAP Support provided me the password.

            The value of the password of the keystore of the MBO runtime was different as I expected.
            But it is strange that this password nowhere is documented. I asked how to find this password, or which tools can be used to find this password, but on these questions SAP Support gave me no answer….

            Kind Regards,

            Jacco Raymakers

            (0) 
              1. Jacco Raymakers

                Hi Edison,

                The value of the password depends on the initial version installed of SMP 3.0.

                Which SP level is installed now and what was the initial version.

                I only found it after contacting SAP OSS.

                I do know the password value of SMP 3.0 SP04 onwards it is: mQA53kgS70

                If this is not the value you have to contact SAP OSS.

                One important note: this password must / may  not be changed. This was the reaction of SAP.

                If you change the password and after a reboot of SMP, you will run into issues.

                Kind regards,

                (0) 

Leave a Reply