Thursday, June 26, 2014

create a Separate keystore - 12.51

While performing the parallel migration from r6sp5 to r12.51, I gave the steps to separate a key store in the r6sp5 environment. Once that step is complete and all app servers have been migrated to the new environment, it is best to create a separate key store for the r12.51 environment as well (the reason being that clients are already asking for another upgrade, to .52).

With this in mind, below are the steps to create a separate key store for r12.51. The CA documentation is pretty straightforward in this case, which is an exception.

  • create a directory server (I used DSEE 11g) on an available port (30389/30636)
  • create a new suffix under it, 'DC=Netegrity,DC=DOMAIN,DC=net'. In step 5, make sure to initialize the top entry for the suffix while creating it; this is an important step.
  • command to register the new key store in the policy server: smldapsetup reg -hX.X.X.X -p30389 -d"cn=directory manager" -wPASSWORD -r"DC=Netegrity" -k1 (each smldapsetup flag is followed directly by its value with no space; -k1 tells smldapsetup that the target is the separate key store rather than the policy store)
  • verify in the console and correct any mistakes
  • command to generate the schema for the key store: smldapsetup ldgen -fJune2014_newkeystoreschema.txt -k1
  • command to load the schema into the key store: smldapsetup ldmod -fJune2014_newkeystoreschema.txt -k1
  • in the Policy Server Management Console, Keys tab, enable agent key generation
  • start the policy server and watch the logs.
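As an added example (not code from the post, and not CA's own tooling beyond the smldapsetup invocations quoted above), here is a small POSIX shell runbook that strings the three smldapsetup steps together: it validates the suffix DN before touching anything, supports a dry run, and masks the -w password whenever it echoes a command line. The KS_* variable names, their defaults (host, port, bind DN, suffix, schema file name) and the DRY_RUN / RUN_KEYSTORE_SETUP switches are this example's own assumptions; note that it passes the full suffix DN as -r, where the post passes only its first component.

```shell
#!/bin/sh
# Added example: a repeatable runbook for the separate key-store steps above.
# The KS_* names, defaults and DRY_RUN/RUN_KEYSTORE_SETUP switches are this
# example's own assumptions; only the smldapsetup invocations come from the post.
set -eu

# Constructed defaults; override any of them from the environment.
KS_HOST="${KS_HOST:-X.X.X.X}"                        # directory server hosting the key store
KS_PORT="${KS_PORT:-30389}"                          # LDAP port chosen for the new DSEE instance
KS_BIND_DN="${KS_BIND_DN:-cn=directory manager}"     # bind DN used by smldapsetup
KS_ROOT="${KS_ROOT:-DC=Netegrity,DC=DOMAIN,DC=net}"  # suffix created for the key store
SCHEMA_FILE="${SCHEMA_FILE:-June2014_newkeystoreschema.txt}"

# Accept only a comma-separated chain of attr=value RDNs, so a typo in the
# suffix fails here instead of half-way through smldapsetup reg.
valid_suffix() {
  case "$1" in
    *=*) ;;
    *) return 1 ;;
  esac
  local IFS=','
  for rdn in $1; do
    case "$rdn" in
      [A-Za-z]*=?*) ;;
      *) return 1 ;;
    esac
  done
  return 0
}

# Echo a command line with the -w<password> argument masked, for logs and dry runs.
redact() {
  out=""
  for a in "$@"; do
    case "$a" in
      -w*) a='-w*****' ;;
    esac
    out="$out$a "
  done
  printf '%s\n' "${out% }"
}

# Log the redacted command, then execute it unless DRY_RUN=1.
run() {
  echo "+ $(redact "$@")"
  if [ "${DRY_RUN:-0}" = 1 ]; then
    return 0
  fi
  "$@"
}

create_keystore() {
  valid_suffix "$KS_ROOT" || { echo "invalid suffix: $KS_ROOT" >&2; return 2; }
  [ -n "${KS_PASSWORD:-}" ] || { echo "set KS_PASSWORD in the environment" >&2; return 2; }
  # Register the key store with the policy server (-k1 = separate key store, not the policy store).
  run smldapsetup reg "-h$KS_HOST" "-p$KS_PORT" "-d$KS_BIND_DN" "-w$KS_PASSWORD" "-r$KS_ROOT" -k1
  # Generate the key-store schema, then load it into the directory.
  run smldapsetup ldgen "-f$SCHEMA_FILE" -k1
  run smldapsetup ldmod "-f$SCHEMA_FILE" -k1
  echo "done: now enable agent key generation in the Keys tab and start the policy server"
}

# Only act when explicitly asked, so the file can be sourced for its functions.
if [ "${RUN_KEYSTORE_SETUP:-0}" = 1 ]; then
  create_keystore
fi
```

Run it first with DRY_RUN=1 RUN_KEYSTORE_SETUP=1 to review the redacted command lines, then without DRY_RUN. Because smldapsetup takes the bind password through -w on the command line, the script reads it from KS_PASSWORD instead of having you type it into a shell line where it would land in history; it is still visible in the process list for the moment smldapsetup is running, which is one more reason to change that directory manager password once the store is built.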