cancel
Showing results for 
Search instead for 
Did you mean: 

SMP Certificate Expiration

ed_miller
Participant
0 Kudos

SMP Experts.

I have used the following command for several versions of SMP 3.0 prior to SP08 to extend the expiration date of the "smp_cert.cer" certificate beyond the 2 year limit that is created out of the box.  The basic steps taken are listed below.  The commands are similar to this (some info changed to protect information - also I have a ".bat" file which executes the commands):

1) I would stop the SMP services.

2) Execute the ".bat" file which does the following basic commands

keytool -keystore smp_keystore.jks -delete -alias smp_crt -storepass %KEYSTORE_PW%

keytool -keystore smp_keystore.jks -genkeypair -keyalg RSA -sigalg SHA1withRSA -validity 1500 -alias smp_crt -dname "%CERTINFO%, CN=%FQDN%" -ext BC:ca:true -keypass %KEYSTORE_PW% -storepass %KEYSTORE_PW%

keytool -keystore smp_keystore.jks -export -alias smp_crt -file smp_crt.cer -rfc -storepass %KEYSTORE_PW% -keypass %KEYSTORE_PW%

3) Then I would install the newly created "smp_cert.cer" as well as use this certificate on devices (or other PC's if using ATE, for example).

4) Then start the SMP services back up.

When connecting from ATE, it would connect without issue.

However, here is my issue now that I've give SMP 3.0 SP08 installed.

I am getting the error of "Certificate '<certificate name here>' is not trusted: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."

Is there a new way of creating a new self-signed certificate in order to extend the date out further than 2 years?  By the way, I am using this with Agentry applications.

Thanks,

Ed

Accepted Solutions (1)

Accepted Solutions (1)

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

Ed,

The same process still works but there was a slight change in SP08.  The smp_crt certificate is now stored in the local_smp_keystore.jks file instead of in the main smp_keystore.jks file.  The steps are still the same just substitute the new keystore name in there and you should be good to go.

--Bill

ed_miller
Participant
0 Kudos

Thank you, Bill.  Is the "smp_keystore.jks" used anymore, or is it completely replaced by the "local" version?

  Ed

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

It is still used and populated but the smp_crt certificate moved to the new file.  I don't know the reasoning behind it unfortunately.

--Bill

Answers (1)

Answers (1)

agentry_src
Active Contributor
0 Kudos

Discussion successfully moved from SAP for Mobile to SMP Developer Center as the more appropriate community for this topic.    

Regards, Mike (Moderator)

SAP Technology RIG