Endpoints can communicate with other CA ControlMinder components that use different encryption methods. The encryption_methods configuration setting in the crypto section specifies the symmetric encryption methods that the endpoint accepts.
By default the configuration setting lists the following encryption methods, in order:
When the CA ControlMinder Agent decrypts incoming communication from another component, it attempts to use each method in the list, in turn, until the decryption is successful. The Agent uses the same encryption method to encrypt outgoing communication to that component.
Similarly, when the CA ControlMinder Web Service tries to connect to an endpoint, it attempts to use each method in the list, in turn, until it successfully communicates with the endpoint.
Multiple encryption methods let you easily upgrade an enterprise CA ControlMinder deployment. For example, you have an r12.5 deployment that uses DES encryption. You want to perform a staged upgrade to r12.5 SP4 and change the encryption method to AES256 for the upgraded components. You upgrade the Enterprise Management Server to r12.5 SP4; the server now uses AES256 encryption by default. However, because the r12.5 SP4 server can also communicate with CA ControlMinder components that use DES encryption, the Enterprise Management Server can continue to manage the r12.5 endpoints.
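The ordered trial described above, and what it means for a staged upgrade, as an added Python example (not CA ControlMinder code). The `Agent` class, the stand-in ciphers, the shared key and the peer names are assumptions; the page does not say how the product detects a successful decryption, so an HMAC tag stands in for that check.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key"  # constructed sample value, not a product default

def _keystream(method, key, n):
    # Stand-in keystream bound to the method name; NOT real AES or DES.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(method.encode() + key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def encrypt(method, key, plaintext):
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(method, key, len(plaintext))))
    tag = hmac.new(key, method.encode() + body, hashlib.sha256).digest()
    return tag + body

def try_decrypt(method, key, message):
    tag, body = message[:32], message[32:]
    expected = hmac.new(key, method.encode() + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong method: treated as a failed decryption
    return bytes(a ^ b for a, b in zip(body, _keystream(method, key, len(body))))

class Agent:
    def __init__(self, accepted_methods, key):
        self.accepted = list(accepted_methods)  # models encryption_methods; order matters
        self.key = key
        self.peer_method = {}  # peer name -> method that decrypted its traffic

    def receive(self, peer, message):
        for method in self.accepted:  # try each method in turn
            plaintext = try_decrypt(method, self.key, message)
            if plaintext is not None:
                self.peer_method[peer] = method
                return plaintext
        raise ValueError(f"no accepted method decrypts traffic from {peer}")

    def send(self, peer, plaintext):
        # Outgoing traffic uses the method that worked for this peer's incoming traffic.
        return encrypt(self.peer_method[peer], self.key, plaintext)

    def peers_using(self, method):
        return sorted(p for p, m in self.peer_method.items() if m == method)

if __name__ == "__main__":
    agent = Agent(["aes256", "des"], KEY)
    agent.receive("old-endpoint", encrypt("des", KEY, b"status"))
    print(agent.peers_using("des"))
```

Once `peers_using("des")` is empty for every component, the legacy method can be dropped from the accepted list; an agent configured with only `aes256` rejects DES traffic instead of falling back to it.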
Copyright © 2013 CA Technologies.
All rights reserved.