Skip to Content
Aug 25, 2015 at 12:59 AM

SMP Certificate Expiration


SMP Experts.

I have used the following command for several versions of SMP 3.0 prior to SP08 to extend the expiration date of the "smp_cert.cer" certificate beyond the 2 year limit that is created out of the box. The basic steps taken are listed below. The commands are similar to this (some info changed to protect information - also I have a ".bat" file which executes the commands):

1) I would stop the SMP services.

2) Execute the ".bat" file which does the following basic commands

keytool -keystore smp_keystore.jks -delete -alias smp_crt -storepass %KEYSTORE_PW%

keytool -keystore smp_keystore.jks -genkeypair -keyalg RSA -sigalg SHA1withRSA -validity 1500 -alias smp_crt -dname "%CERTINFO%, CN=%FQDN%" -ext BC:ca:true -keypass %KEYSTORE_PW% -storepass %KEYSTORE_PW%

keytool -keystore smp_keystore.jks -export -alias smp_crt -file smp_crt.cer -rfc -storepass %KEYSTORE_PW% -keypass %KEYSTORE_PW%

3) Then I would install the newly created "smp_cert.cer" as well as use this certificate on devices (or other PC's if using ATE, for example).

4) Then start the SMP services back up.

When connecting from ATE, it would connect without issue.

However, here is my issue now that I've give SMP 3.0 SP08 installed.

I am getting the error of "Certificate '<certificate name here>' is not trusted: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."

Is there a new way of creating a new self-signed certificate in order to extend the date out further than 2 years? By the way, I am using this with Agentry applications.