Introduction
The manual key rollover option for Dynamic Agent Key is disabled by default.
This KB guides how to enable this feature.
Environment
Policy server : r12.5 and above
Instructions
1. Perform a full key store export by running following command :
smkeyexport -d<admin> -w<password> -okeys.txt
2. Once the key store is is exported, change the value for IsEnabled option under KeyManagement to true from false:
Old :
objectclass: KeyManagement
Oid: 1a-XXXXX
IsEnabled: false
ChangeFrequency: 0
ChangeValue: 0
NewKeyTime: 0
OldKeyTime: 1502258688
FireHour: 0
PersistentKey: {RC2}2SraPUoK8PLYItUrJFCeck7rlcWl77g+3vpJY07rso39+ojFmbn7zn0IdwGjWeCQ
New :
objectclass: KeyManagement
Oid: 1a-XXXXX
IsEnabled: true
ChangeFrequency: 0
ChangeValue: 0
NewKeyTime: 0
OldKeyTime: 1502258688
FireHour: 0
PersistentKey: {RC2}2SraPUoK8PLYItUrJFCeck7rlcWl77g+3vpJY07rso39+ojFmbn7zn0IdwGjWeCQ
Note : DO NOT MAKE ANY OTHER CHANGE
3. After making the above change, save the export file and import it by running following command :
smkeyimport -d<admin> -w<password> -ikeys.txt
4. You should now have the manual rollover option enabled for the dynamic agent key