

Manually Enter the Session Ticket Key

If your Policy Server is part of an implementation that includes multiple key stores, you can manually enter the session ticket key.

To enter the session ticket key

  1. From the Administration tab, select Policy Server, Key Management.

    The Key Management pane opens.

  2. In the Specify a Session Ticket Key group box, enter values for the following fields:
    Session Ticket Key

    Enter a session ticket key

    Confirm

    Re-enter the session ticket key

  3. Click Rollover Now.

    The Policy Server immediately replaces the existing session ticket key with the value you entered.

  4. Click Submit.

Set the EnableKeyUpdate Registry Key

When a single Policy Server generates encryption keys in an environment with multiple Policy Servers that connect to disparate policy stores, but share a central key store, an additional registry setting is required. This registry setting configures each Policy Server to poll the common key store and retrieve new encryption keys at a regular interval.

To configure the EnableKeyUpdate registry key on a Windows Policy Server

  1. From the Windows Start menu, select Run.
  2. Enter regedit in the Run dialog box and click OK.
  3. In the Registry Editor, navigate to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore
    
  4. Change the following registry value:

    "EnableKeyUpdate"=0

    to

    "EnableKeyUpdate"=1

  5. Restart the Policy Server.
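
The Windows procedure above can also be checked from PowerShell on each Policy Server that shares the key store. The following is an added example, not part of the original documentation or the product; the function name Test-EnableKeyUpdate and its -Fix switch are hypothetical. It assumes the value is stored as a REG_DWORD and that a 32-bit Policy Server on 64-bit Windows may keep it in the 32-bit registry view, so both views are inspected.

```powershell
# Added example, not vendor code. Function name and -Fix switch are hypothetical.
function Test-EnableKeyUpdate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$Fix)   # with -Fix, write 1 where the value is missing or not 1

    $subKey  = 'SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore'
    $hive    = [Microsoft.Win32.RegistryHive]::LocalMachine
    # Assumption: check both registry views, since a 32-bit install on 64-bit
    # Windows would be redirected to the 32-bit view.
    $views   = [Microsoft.Win32.RegistryView]::Registry64,
               [Microsoft.Win32.RegistryView]::Registry32
    $changed = $false

    foreach ($view in $views) {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $view)
        try {
            # Open read-only unless -Fix was given (writing needs an elevated session).
            $key = $hklm.OpenSubKey($subKey, $Fix.IsPresent)
            if ($null -eq $key) { continue }          # key not present in this view
            try {
                $current = $key.GetValue('EnableKeyUpdate', $null)
                $shown   = if ($null -eq $current) { '<not set>' } else { $current }
                Write-Output "$view : EnableKeyUpdate = $shown"

                if ($Fix -and $current -ne 1 -and
                    $PSCmdlet.ShouldProcess("HKLM\$subKey ($view)", 'Set EnableKeyUpdate=1')) {
                    # Assumption: REG_DWORD is the expected value type.
                    $key.SetValue('EnableKeyUpdate', 1,
                                  [Microsoft.Win32.RegistryValueKind]::DWord)
                    $changed = $true
                }
            } finally { $key.Dispose() }
        } finally { $hklm.Dispose() }
    }

    if ($changed) {
        Write-Warning 'EnableKeyUpdate changed; restart the Policy Server (step 5).'
    }
}

# Report only:
Test-EnableKeyUpdate
# Preview the change without writing it:
Test-EnableKeyUpdate -Fix -WhatIf
```

A server that still reports 0 or "<not set>" will not poll the common key store for new keys.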

To configure the EnableKeyUpdate registry key on a UNIX Policy Server

  1. Navigate to:
    install_directory/siteminder/registry
    
  2. Open sm.registry in a text editor.
  3. Locate the following text in the file:
    HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\ObjectStore
    
  4. Change the following registry value:

    "EnableKeyUpdate"=0

    to

    "EnableKeyUpdate"=1

  5. Restart the Policy Server.

More information:

Multiple Policy Stores with a Common Key Store