Microsoft KB Archive/937686

= How to change profile data to use a new key pair XML file in Commerce Server 2007 =

Article ID: 937686

Article Last Modified on 6/12/2007

-

APPLIES TO


 * Microsoft Commerce Server 2007 Developer Edition
 * Microsoft Commerce Server 2007 Enterprise Edition
 * Microsoft Commerce Server 2007 Standard Edition

-





INTRODUCTION
When you use asymmetric encryption for profile property values and you must encrypt multiple servers in Microsoft Commerce Server 2007, you must use the original key pair XML file. For example, when you must encrypt servers in a Web farm, you must use the original key pair XML file. However, if you lose the original key pair XML file, and you have existing encrypted profile data, you can change the profile data to use a new key pair XML file.



MORE INFORMATION
To change the profile data to use a new key pair XML file, follow these steps:   Create a new key pair. Put the key pair in the NewKey.xml file. To do this, run the following command on the existing server: ProfileKeyManager.exe /kn /o NewKey.xml Note By default, the ProfileKeyManager.exe file is located in the C:\Program Files\Microsoft Commerce Server 2007\Tools folder.   To change encrypted profile data to use the new key pair that you created in step 1, run the following command on the existing server: ProfileKeyManager.exe /kc /kfo oldkey.xml /kfn NewKey.xml /i 2 /config 3ProfileConnStrings.config Notes  The Oldkey.xml file contains the registry key path. The NewKey.xml file is the XML file that you created in step 1. The 3ProfileConnStrings.config file contains profile resource connections.   Copy the NewKey.xml file that you created in step 1 to another server. Run the following command on the other server to specify the registry path for the new key pair: ProfileKeyManager.exe /ke /kf NewKey.xml /Reg &quot; &quot; Note The &quot;registry key path&quot; placeholder represents the registry key path. </li>  On the other server, add the following code to the encryption tags in the Web.config file: <keys keyIndex=&quot;2&quot;> <add type=&quot;publicKey&quot; value=&quot;registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Commerce Server 2007 Keys\NewKey,PublicKey&quot;/> <add type=&quot;privateKey1&quot; value=&quot;registry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Commerce Server 2007 Keys\NewKey,PrivateKey&quot;/> <add type=&quot;privateKey2&quot; value=&quot;&quot;/> Note You may make the change in the Profile Web service Web.config file if you want the encrypted values to be visible in the Customer and Orders Manager client. </li></ol>

Keywords: kbtshoot kbhowto KB937686

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.