
Separate Key store from Policy Store

Question asked by SamWalker on Aug 15, 2016
Latest reply on Aug 15, 2016 by Ujwol Shrestha

Hello everyone, I am presuming this question might have been answered earlier; if it has, I would appreciate it if you could redirect me to the tech note.

 

We are going to operate in mixed mode for a few months, where some policy servers will be on R1251 and some on R1252cr5. In our test environment, I'm successfully running both versions of policy servers with R1251 and R1252cr1 (still in the process of patching it to our ideal cr5) policy store. We use the policy store as our key store as well. So far no issues noted in a month or so. SSO works great. The R1252 policy server generates the keys; R1251 is just accepting. However, some CA folks told us that we may run into issues if we use R1251 policy servers with an R1252 policy store. So, to avoid unforeseen issues, we have decided to use separate policy stores, with R1251 going to its policy store and R1252 to their policy stores. However, since those policy store clusters cannot be replicated, I cannot use them to hold key stores. I have to separate out the key store and point all my policy servers to that key store.

 

Is there a quick guide to achieve this, with commands, etc.? When I create the key store schema (I am assuming I have to), should I configure it with R1252 or R1251, or should it not matter? Appreciate any thoughts. Thanks in advance.

My key store is going to be AD LDS on Windows 2008 server.
