Symantec SiteMinder


Tech Tip: CA Single Sign-On: Policy Server: How to enable the manual key rollover option for dynamic agent keys

By Ujwol posted Aug 09, 2017 03:19 AM

  

Introduction

The manual key rollover option for dynamic agent keys is disabled by default.

This KB explains how to enable it.

 

Environment

Policy Server: r12.5 and above

Instructions

1. Perform a full key store export by running the following command:

smkeyexport -d<admin> -w<password> -okeys.txt

 

2. Once the key store is exported, change the value of the IsEnabled option under KeyManagement from false to true:

Old:

objectclass: KeyManagement
Oid: 1a-XXXXX
IsEnabled: false
ChangeFrequency: 0
ChangeValue: 0
NewKeyTime: 0
OldKeyTime: 1502258688
FireHour: 0
PersistentKey: {RC2}2SraPUoK8PLYItUrJFCeck7rlcWl77g+3vpJY07rso39+ojFmbn7zn0IdwGjWeCQ

 

New:

objectclass: KeyManagement
Oid: 1a-XXXXX
IsEnabled: true
ChangeFrequency: 0
ChangeValue: 0
NewKeyTime: 0
OldKeyTime: 1502258688
FireHour: 0
PersistentKey: {RC2}2SraPUoK8PLYItUrJFCeck7rlcWl77g+3vpJY07rso39+ojFmbn7zn0IdwGjWeCQ

Note: DO NOT MAKE ANY OTHER CHANGE

 

3. After making the above change, save the export file and import it by running the following command:

smkeyimport -d<admin> -w<password> -ikeys.txt

4. You should now have the manual rollover option enabled for the dynamic agent key.
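
The edit in step 2, as an added example that is not part of the original tip or of any CA/Broadcom tool: a Python helper that flips IsEnabled only inside the KeyManagement object and then confirms that exactly one line changed, as the note requires. It assumes each object in the export starts at an "objectclass:" line and runs to the next one; the sample text, including the OtherObject record, is constructed.

```python
import re

# Constructed sample in the layout the article shows. "OtherObject" is a
# hypothetical record, present only to show the edit stays inside KeyManagement.
SAMPLE_EXPORT = (
    "objectclass: OtherObject\n"
    "Oid: 00-XXXXX\n"
    "IsEnabled: false\n"
    "\n"
    "objectclass: KeyManagement\n"
    "Oid: 1a-XXXXX\n"
    "IsEnabled: false\n"
    "ChangeFrequency: 0\n"
    "PersistentKey: {RC2}PLACEHOLDER\n"
)

def enable_manual_rollover(export_text):
    """Return export_text with IsEnabled set to true in the KeyManagement object only.

    Assumption: an object starts at an 'objectclass:' line and ends at the next one.
    """
    lines = export_text.splitlines(keepends=True)  # keep original line endings
    in_km = False
    edited = 0
    for i, line in enumerate(lines):
        header = re.match(r"objectclass:\s*(\S+)", line)
        if header:
            in_km = header.group(1) == "KeyManagement"
        elif in_km and re.match(r"IsEnabled:\s*false\s*$", line):
            lines[i] = line.replace("false", "true", 1)
            edited += 1
    if edited != 1:
        raise ValueError(f"expected one 'IsEnabled: false' under KeyManagement, found {edited}")
    return "".join(lines)

def changed_lines(before, after):
    """List (line_number, old, new) for every differing line; step 2 allows exactly one."""
    old, new = before.splitlines(), after.splitlines()
    if len(old) != len(new):
        raise ValueError("line count changed; the edit must not add or remove lines")
    return [(n, a, b) for n, (a, b) in enumerate(zip(old, new), 1) if a != b]

if __name__ == "__main__":
    patched = enable_manual_rollover(SAMPLE_EXPORT)
    for n, a, b in changed_lines(SAMPLE_EXPORT, patched):
        print(f"line {n}: {a!r} -> {b!r}")
```

Keep an untouched copy of keys.txt alongside the edited one so the original key store export can be re-imported if needed.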

 
