Policy Server Guides › Policy Server Administration Guide › Configuring and Managing Encryption Keys › Key Management Overview

Key Management Overview

To keep key information updated across large deployments, the Policy Server provides an automated key rollover mechanism. You can update keys automatically for Policy Server installations that share the same key store. Automating key changes helps ensure the integrity of the keys.

For CA SiteMinder® agents that are configured for single sign–on:

• Replicate the key store.
• Share the replicated store across all CA SiteMinder® environments in the single sign–on environment.

If the Policy Server determines that a stand–alone key store is unavailable, it attempts to reconnect to the key store to determine availability. If the connection fails, the Policy Server:

• Goes in to a suspended state and refuses any new requests on established connections until the key store comes back online.

  A Policy Server in a suspended state remains up for the length of time specified in SuspendTimeout. The Policy Server then shuts down gracefully. If SuspendTimeout is equal to zero, the Policy Server remains in the suspended state until the key store connection is reestablished.

• Returns an error status to let web agents failover to another Policy Server.
• Logs the appropriate error messages.

Additionally, when the Policy Server is started and the key store is unavailable, the Policy Server shuts down gracefully.

Use the Administrative UI to manage keys.