
How to encrypt the Certificate DB Password in the Sm.registry file without using the Policy Server Management Console (SMConsole) on Linux


Article ID: 258405






The Policy Server Management Console (SMConsole) is a GUI-based application that runs natively on Windows Server or is accessed using X11 forwarding on Linux. By default, the SMConsole encrypts the cert8.db (SiteMinder 12.8.05 and earlier) or cert9.db (SiteMinder 12.8.06 and later) password with the Policy Store encryption key and stores it in the Windows registry or, on Linux, in the <Siteminder_Install_Dir>/CA/siteminder/registry/sm.registry file.

In Linux environments where X11 forwarding is not permitted for security or other reasons, any attempt to set the certificate database password by editing sm.registry manually, without using the SMConsole, stores the password in plain text.


To encrypt the certificate database password manually without SMConsole, please follow the steps below.

  1. Log on to the Policy Server.
    1. Back up the following file.


    2. For example:

      cp -R <Siteminder_Install_Dir>/CA/siteminder/registry/sm.registry <Siteminder_Install_Dir>/CA/siteminder/registry/sm.registry.BAK

  2. Run the following command:

    smldapsetup reg -g<Password>

This will update the CertDbPW value under the following registry key to the new, encrypted value.
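
The backup, the command and a check of the result can be scripted together. The following is an added example, not part of the original article or the product; the function names are hypothetical, and it assumes the entry appears in sm.registry on a line containing the name CertDbPW.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumption: the certificate DB
# password entry sits on a sm.registry line containing the name "CertDbPW".

# Copy the registry file to a timestamped backup, keeping owner and mode.
backup_registry() {
    bak="$1.$(date +%Y%m%d%H%M%S).BAK"
    cp -p -- "$1" "$bak" && printf '%s\n' "$bak"
}

# Return 0 if secret $2 appears verbatim on a CertDbPW line of file $1.
# Compared inside the shell, so the secret is not passed to another process.
# A very short secret can match by coincidence; that errs toward a warning.
certdbpw_is_plaintext() {
    [ -n "$2" ] || return 2
    lines=$(grep -F 'CertDbPW' "$1") || return 1
    case $lines in *"$2"*) return 0 ;; *) return 1 ;; esac
}

# Return 0 if the CertDbPW line(s) differ between backup $1 and current $2.
certdbpw_changed() {
    old=$(grep -F 'CertDbPW' "$1" || true)
    new=$(grep -F 'CertDbPW' "$2") || return 1   # entry missing
    [ "$old" != "$new" ]
}

# Back up, prompt without echo, run the article's command, verify the result.
encrypt_certdb_pw() {
    reg=$1
    bak=$(backup_registry "$reg") || return 1
    printf 'Certificate DB password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
    # The article's command form: the password is in argv while it runs,
    # but reading it here keeps it out of the shell history.
    smldapsetup reg -g"$pw" || return 1
    if certdbpw_is_plaintext "$reg" "$pw"; then
        echo "CertDbPW still contains the plaintext; backup: $bak" >&2
        return 1
    fi
    certdbpw_changed "$bak" "$reg" || echo "CertDbPW line did not change" >&2
}

# Usage: sh this_script.sh <Siteminder_Install_Dir>/CA/siteminder/registry/sm.registry
if [ "$#" -ge 1 ]; then encrypt_certdb_pw "$1"; fi
```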