For Netweaver 7.1 and above, SAP provide a Java class that you can use to check the Secure Store keyphrase.
In this post I provide a simple way to check the keyphrase without making any destructive changes in Netweaver AS Java 7.02.
Why Check the Keyphrase?
Being able to check the Netweaver AS Java Secure Store keyphrase is useful when setting up SAP ASE HADR. The Software Provisioning Manager requests the keyphrase when installing the companion database on the standby/DR server.
The Check Process
In NW 7.02, you can use the following method, to check that you have the correct keyphrase for the Secure Store.
As the adm Linux user on the Java Central Instance, we first set up some useful variables:
setenv SLTOOLS /sapmnt/${SAPSYSTEMNAME}/global/sltools
setenv LIB ${SLTOOLS}/sharedlib
setenv IAIK ${SLTOOLS}/../security/lib/tools Now we can call the java code that allows us to create a temporary Secure Store using the same keyphrase that we think is the real Secure Store keyphrase:NOTE : We change “thepw” for the keyphrase that we think is correct.
/usr/sap/${SAPSYSTEMNAME}/J*/exe/sapjvm_*/bin/java -classpath "${LIB}/tc_sec_secstorefs.jar:${LIB}/exception.jar:${IAIK}/iaik_jce.jar:${LIB}/logging.jar" com.sap.security.core.server.secstorefs.SecStoreFS create -s ${SAPSYSTEMNAME} -f /tmp/${SAPSYSTEMNAME}sec.properties -k /tmp/${SAPSYSTEMNAME}sec.key -enc -p "thepw" The output of the command above is 2 files in the /tmp folder, called sec.key and sec.properties.
cksum /sapmnt/${SAPSYSTEMNAME}/global/security/data/SecStore.key
cksum /tmp/${SAPSYSTEMNAME}Sec.key
You may also be interested in:
