Backup the SLNX Database
SLNX provides the Security Key Backup and Restore command line tool to back up and restore RSA security keys from the registry.
-
Back up the database using the backup tool provided with SQL Server.
-
Locate the RSA encryption key backup/restore tool (PrivateKeyBackupRestoreCmd.exe)that is stored in the following folder: (Install path)\tools\SecurityTools\Core\PrivateKeyBackupRestore
- Execute the tool by using a user account that has administrative privileges.
- Execute the tool under the same user account as the account that is used to start the SLNX service.
- The tool accesses the Windows registry when executed and requires the permission of the system or user account that was used to install SLNX.
-
To perform a backup, enter arguments in the command prompt by following this example:
PrivateKeyBackupRestoreCmd.exe --action backup --
location C:\tmp\slnx_keypair.pem --password mypassword
|
Argument |
Description |
Possible Values |
|---|---|---|
|
--action |
Specifies the action to perform. This is a required parameter. |
backup restore |
|
--location |
During backup, this is the full path/filename where the backup will be saved. (e.g., C:\backups\slnx_keypair.pem) On restore, this is the full path/filename of the backup file to restore. This is a required parameter. |
|
|
--password |
Specifies the password of the backup file. This is a required parameter. This password must be at least 4 characters in length. If you do not enter at least 4 characters, the tool will present an error and will not proceed. |
|
|
--account |
An optional argument used during a restore to give privileges to an additional account that can access the RSA security keys. |
Notes for RSA encryption keys and Security Connection Keys
RSA Encryption Keys: Keys used by Core Server to encrypt/decrypt security connection keys to protect them in the database or on disk.
Security Connection Keys: Keys defined by the administrator for data exchange services. This allows the SLNX services listed below and applications to establish trust
-
RICOH SLNX Central Manager Service
-
RICOH SLNX Delegation Server Service
-
RICOH SLNX Mobile Intranet Extender Service
If you do not have a backup of the RSA encryption keys or want to change your RSA and Security Connection keys for security reasons, there are tools provided in SLNX to set new Security Connection Keys and generate new RSA encryption keys, using Core Server.
Change Security Connection Keys on Core Server and update them for all other SLNX services and applications. Reinstall MIE server, embedded applications, and SLNX PC Client if their Security Connection keys are changed. However, you can change the Security Connection Key on Delegation Server to the new key without reinstallation. If you do not have a backup of the RSA encryption keys but use the same Security Connection Keys when regenerating them, no action is required for the other SLNX services and applications.
Regenerate certificates tools (RegenerateCertificates.exe)
This tool generates new RSA encryption keys and allows the administrator to set the Security Connection Keys for Delegation Server, MIE server, SLNX PC Client, SLNX Embedded application, and SDK User Management. When running on a cluster, this tool must be executed on the node on which the RICOH SLNX Central Manager Service is currently active.
This tool resides under the following path on the Core Server: (Install path)\Tools\SecurityTools\Core\RegenerateCertificates
Set the security connection key on Delegation Server (SetSecurityConnectionKey.exe)
To update the Security Connection Key on Delegation Server after changing it on Core Server, execute the SetSecurityConnectionKey on each Delegation server. If running on a cluster, this tool must be executed on the node on which the RICOH SLNX Delegation Server Service is currently active.
This tool resides under the following path on Delegation Server: (Install path)\Tools\SecurityTools\DS\SetSecurityConnectionKey
