One of the Agent key management features lets you manually rollover dynamic Agent keys. This feature provides added security because the keys can be rolled over at any time. You can also use this feature if you want the Policy Server to generate dynamic keys, but you do not want the keys to rollover at a fixed interval.
To manually rollover dynamic Agent keys
The Key Management pane opens.
The pane changes to support dynamic keys.
The Policy Server immediately generates new Agent keys. Unless you manually execute an Agent key rollover, the Policy Server does not generate new dynamic keys automatically.
Note: Do not click this button multiple times unless you want to rollover keys more than once.
Web Agents pick up the new keys the next time they poll the Policy Server, which may take up to three minutes due to cache synchronization. If you want to use an entirely new set of keys to for security reasons, you can rollover dynamic keys twice to remove the old key and the current key from the key store.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |