You can disable the automatic generation of new Lightweight Third Party Authentication (LTPA) keys for key sets that are members of a key set group. Automatic generation creates new keys on a schedule that you specify when you configure a key set group, which manages one or more key sets. WebSphere® Application Server uses key set groups to automatically generate cryptographic keys or multiple synchronized key sets.
Before you begin
You must know the name of the key set group and the management scope where the key set group is defined.
The default key set group is CellLTPAKeySetGroup.
About this task
LTPA keys are used to encrypt the LTPA token.
Note: You might want to disable the automatic generation of these keys so that you can generate them on a schedule. You should definitely disable automatic key generation if you disable node automatic synchronization. With node automatic synchronization disabled, automatically generated keys eventually cause the LTPA keys to fall out of synchronization between the deployment manager and the node agents. Also, you should disable automatic key generation if you import or export LTPA keys to or from another cell. The automatic generation of LTPA keys changes keys over time and causes the cells to fall out of synchronization.
Complete the following steps in the administrative console.
Procedure
- Click Security > SSL certificate and key management > Manage endpoint security configurations.
- Expand the tree to the inbound or outbound management scope that contains the key set group, and then click the scope link.
- Under Related Items, click Key Set Groups.
- Click the key set group that you want to disable.
- Clear the Automatically generate keys option.
- Click OK and Save to save the changes to the master configuration.
- Start the server again for the changes to become active.
Results
You have disabled the automatic generation of LTPA keys for the key sets in the key set group.
Tip: You can generate keys manually at any time by completing the following steps:
- Open the key set group collection.
- Select the check box beside the key set group.
- Click Generate keys.
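
A scripted equivalent of the console procedure and of the manual-generation tip above, for wsadmin in Jython. This is an added example, not part of the original documentation; it assumes the default CellLTPAKeySetGroup at cell scope, and the AdminTask parameter names shown (-name, -autoGenerate, -keySetGroupName) should be confirmed with AdminTask.help('modifyKeySetGroup') and AdminTask.help('generateKeysForKeySetGroup') on your release.

```jython
# Run inside wsadmin (for example: wsadmin -lang jython -f <script>).
# AdminTask and AdminConfig are supplied by the wsadmin runtime.

GROUP = 'CellLTPAKeySetGroup'  # default key set group named on this page


def show_group(group):
    # Returns the key set group's attributes as text so the change can be reviewed.
    # Add -scopeName if the group is defined at another management scope.
    return AdminTask.getKeySetGroup('[-name %s]' % group)


def disable_auto_generation(group):
    # Scripted form of "Clear the Automatically generate keys option".
    print 'Before:', show_group(group)
    AdminTask.modifyKeySetGroup('[-name %s -autoGenerate false]' % group)
    after = show_group(group)
    print 'After: ', after
    # Equivalent of "Click OK and Save": write to the master configuration
    # only if the session actually holds unsaved changes.
    if AdminConfig.hasChanges():
        AdminConfig.save()
    return after


def generate_keys_now(group):
    # Scripted form of the "Generate keys" tip: create new keys on demand
    # once scheduled generation is off.
    AdminTask.generateKeysForKeySetGroup('[-keySetGroupName %s]' % group)
    if AdminConfig.hasChanges():
        AdminConfig.save()


disable_auto_generation(GROUP)
# generate_keys_now(GROUP)  # uncomment to generate a new key set manually
```

As with the console procedure, start the server again for the change to become active.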