Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
Product and Topic Expert
Product and Topic Expert

As we know that during SMP3 installation we provide the keystore password to protect SMP3 Keystore and Truststore locations. This Keystore password should be the same as all the private key passwords associated with the all the alias in the Keystore.


All the Keystore and Truststore related information are there in a single file. i.e. smp_keystore.jks (E:\SAP\MobilePlatform3\Server\configuration)


Keystore: The location where encryption keys, digital certificates and other credentials are stored (either encrypted or unencrypted keystore file types) for SAP                 Mobile Platform runtime components.

Truststore: The location where Certificate Authority (CA) signing certificates are stored.


Pre-requisite: Make sure to back-up the same file (C:\SAP\MobilePlatform3\Server\configuration\smp_keystore.jks)





1. First change the Keystore password by running the below command


E:\SAP\MobilePlatform3\Server\configuration>keytool -storepasswd -new s4pAdmin -keystore smp_keystore.jks

(Where s4pAdmin is the 'new password')

  • At prompt, enter the current password. (for me, it's s3pAdmin)




2. For changing the each of the passwords for all private keys in the Keystore, we need to change it one by one. By default, there are 2 private key alias entries in the SMP Keystore file. i.e. smp_crt and tomcat




2.1 To change the password for alias entry smp_crt, run the below command:



E:\SAP\MobilePlatform3\Server\configuration>keytool -keypasswd -alias smp_crt -new s4pAdmin -keystore smp_keystore.jks


Keystore password:                        s4pAdmin (new keystore password as per step #1)

Enter key password for <smp_crt> : s3pAdmin (current password)




2.2 To change the password for alias entry tomcat, run the below command:


E:\SAP\MobilePlatform3\Server\configuration>keytool -keypasswd -alias tomcat -new s4pAdmin -keystore smp_keystore.jks


Keystore password:                      s4pAdmin (new keystore password as per step #1)

Enter key password for <tomcat> : s3pAdmin (current password)





3. Now, we need to configure the SMP to recognize the new password:


3.1  We have to encrypt the new password by obtaining the secret key from the-DsecretKeyproperty (E:\SAP\MobilePlatform3\Server\props.ini)




3.2 Run the below command:


java -jar tools\cipher\CLIEncrypter.jar <secretKey> <newPassword>


E:\SAP\MobilePlatform3\Server>java -jar tools\cipher\CLIEncrypter.jar Vv4bm3LniE s4pAdmin



3.3 Open file available E:\SAP\MobilePlatform3\Server\config_master\


  • Here we need to updateprivateKeystorePass to replace the existing password with the new encrypted password, keeping{enc}as the prefix.



  • Save the changes.

  • Restart restart the server for the changes to take effect.





To verify if above changes have been reflected, you can use keytool generator KeyStore Explorer to open Keystore file.


(A) . To verify Keystore password:






(B) To verify the password of alias smp_crt and tomcat


  • Open keytool explorer, Right click smp_crt>View Details > Private Key Details >Enter new password





  • If password is wrong, you would see an error message like below:





I hope it helps.