When a single Policy Server generates encryption keys in an environment with multiple Policy Servers that connect to disparate policy stores, but share a central key store, an additional registry setting is required. This registry setting configures each Policy Server to poll the common key store and retrieve new encryption keys at a regular interval.
To configure the EnableKeyUpdate registry key on a Windows Policy Server
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore
"EnableKeyUpdate"=0
to
"EnableKeyUpdate"=1
To configure the EnableKeyUpdate registry key on a UNIX Policy Server
install_directory/siteminder/registry
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore
"EnableKeyUpdate"=0
to
"EnableKeyUpdate"=1
Copyright © 2010 CA. All rights reserved.