Technology Blogs by SAP
bill_froelich
Product and Topic Expert

During installation, the SMP 3.0 server automatically generates a self-signed certificate that is used for Agentry server authentication (among other things).  This certificate is based on the fully qualified domain name (FQDN) at the time of the installation.  Should the FQDN change for any reason, or should the certificate need to reference an external name rather than an internal name, you will need to regenerate the certificate.

This document outlines the steps needed to regenerate the certificate using the Java keytool utility.  Please note that you will need to know the Keystore password you specified during installation of the SMP 3.0 server to perform these steps.  These commands assume the SMP Java directory is in your path and that you are executing the commands from the C:\SAP\MobilePlatform3\Server\configuration directory.

Note that with the release of SP08 the keystore filename where the certificate is stored has changed.  Please be sure to use the correct keystore name.

Keystore - pre-SP08 = smpkeystore.jks

Keystore - SP08+ = local_smpkeystore.jks

Note that in SP09 the Java version the SMP server is using has changed to Java 8.  As a result I have updated the batch file to set the Java directory name.

The steps are the same; only the file where the certificate is stored has changed in SP08.

  1. Remove the existing certificate
    • keytool -keystore {keystore filename} -delete -alias smp_crt -storepass {keystore password}
  2. Create the new self-signed certificate (edit the dname information to match your organization details)
    • keytool -keystore {keystore filename} -genkeypair -keyalg RSA -sigalg SHA1withRSA -validity 3650 -alias smp_crt -dname "{C=country, ST=state, L=city, O=myorg, OU=myorgunit}, CN={New FQDN}, emailAddress={your email address}" -ext BC:ca:true -keypass {keystore password} -storepass {keystore password}
  3. Export the new certificate for use with your Agentry clients
    • keytool -keystore {keystore filename} -export -alias smp_crt -file smp_crt.cer -rfc -storepass {keystore password} -keypass {keystore password}
  4. After executing these commands, restart your SMP 3.0 server to pick up the new certificate
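
The three keytool steps above as one PowerShell script that also backs up the keystore and checks the exported certificate before it is distributed. This is an added example, not the author's batch file: the variable names, the `Invoke-Keytool` helper and the sample e-mail address are assumptions, and it expects PowerShell 5 or later with keytool on the path, as the commands above do.

```powershell
# Added example, not the author's batch file. Edit the assumed values below.
$ConfigDir = 'C:\SAP\MobilePlatform3\Server\configuration'
$Keystore  = 'local_smpkeystore.jks'      # smpkeystore.jks before SP08
$CertInfo  = 'C=country, ST=state, L=city, O=myorg, OU=myorgunit'
$Email     = 'admin@example.com'          # constructed sample address

$Fqdn   = Read-Host 'New FQDN'
$Secure = Read-Host 'Keystore password' -AsSecureString   # not echoed while typing
$Pass   = [System.Net.NetworkCredential]::new('', $Secure).Password

function Invoke-Keytool([string[]]$KtArgs) {
    # Run keytool and stop at the first failing step instead of continuing.
    & keytool $KtArgs
    if ($LASTEXITCODE -ne 0) { throw "keytool step failed (exit $LASTEXITCODE)" }
}

Set-Location $ConfigDir
Copy-Item $Keystore "$Keystore.bak" -Force   # rollback copy before the key is deleted

$common = '-keystore', $Keystore, '-alias', 'smp_crt', '-storepass', $Pass
Invoke-Keytool ($common + '-delete')
Invoke-Keytool ($common + @('-genkeypair', '-keyalg', 'RSA', '-sigalg', 'SHA1withRSA',
    '-validity', '3650', '-dname', "$CertInfo, CN=$Fqdn, emailAddress=$Email",
    '-ext', 'BC:ca:true', '-keypass', $Pass))
Invoke-Keytool ($common + @('-export', '-file', 'smp_crt.cer', '-rfc', '-keypass', $Pass))

# Verify the exported file: the subject must carry the FQDN that was just entered.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    (Join-Path $ConfigDir 'smp_crt.cer'))
if ($cert.Subject -notmatch "CN=$([regex]::Escape($Fqdn))(,|`$)") {
    throw "Exported subject '$($cert.Subject)' does not carry CN=$Fqdn"
}
"Subject : $($cert.Subject)"
"Expires : $($cert.NotAfter)"
"SHA-1   : $($cert.Thumbprint)"   # compare on the client before trusting the file
```

The printed thumbprint lets whoever installs `smp_crt.cer` on an Agentry client confirm it is the file produced here. The server restart in step 4 is still required.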

In my case, I frequently need to regenerate my certificates due to changing networks and IP addresses, so I have created the attached batch file to simplify the process.  I simply execute the batch file and it prompts me for the password and new FQDN and performs all the other steps, opening Windows Explorer to the configuration directory at the end so I can easily install, copy or email the new certificate out.

I have also updated the batch file to allow for easily setting the correct keystore name.

To use the batch file:

  1. Download the attached file (unzip if necessary)
  2. Rename from smp3-keygen.txt to smp3-keygen.bat
  3. Edit the smp3-keygen.bat file and set the following variables at the beginning of the file.
    • SMP3ROOT - location of your SMP3 installation
    • SMP3JAVA - directory name of the SMP3 java folder (sapjvm_7 or sapjvm_8 for SP09+)
    • KEYSTOREFILE - the name of the keystore where the cert will be stored (See above based on the version of the SMP3 server you are running)
    • CERTINFO (country, state, location, organization, org unit)
    • CERTEMAIL - your email address (included in the certificate)
  4. Run the batch file and input your new FQDN or IP address for the certificate
  5. Enter the keystore password
  6. Import or distribute the new certificate

Enjoy!
