Disabling automatic generation of Lightweight Third Party Authentication keys
You can disable the automatic generation of new Lightweight Third Party Authentication (LTPA) keys for key sets that are members of a key set group. Automatic generation creates new keys on a schedule that you specify when you configure a key set group, which manages one or more key sets. WebSphere® Application Server uses key set groups to automatically generate cryptographic keys or multiple synchronized key sets.
Before you begin
The default key set group is CellLTPAKeySetGroup.
About this task
Note: You might want to disable the automatic generation of these keys so that you can generate them on a schedule. You should definitely disable automatic key generation if you disable node automatic synchronization, because disabling node synchronization eventually causes the LTPA keys to fall out of synchronization between the deployment manager and the node agents. Also, you should disable automatic key generation if you import or export LTPA keys to or from another cell. The automatic generation of LTPA keys changes keys over time and causes the cells to fall out of synchronization.
The following steps are needed to complete this task in the administrative console.
Procedure
- Click Security > SSL certificate and key management > Manage endpoint security configurations.
- Expand the tree to the inbound or outbound management scope that contains the key set group, and then click the scope link.
- Under Related Items, click Key Set Groups.
- Click the key set group that you want to disable.
- Clear the Automatically generate keys option.
- Click OK and Save to save the changes to the master configuration.
- Start the server again for the changes to become active.
Results
Tip: You can generate keys manually at any time by completing the following steps:
- Open the key set group collection.
- Select the check box for the key set group.
- Click Generate keys.
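To confirm the result of the procedure above across every management scope, the following added example (not part of the original page and not IBM code) reads a security configuration document and lists key set groups where automatic generation is not explicitly turned off. The element and attribute names (keySetGroups, autoGenerate, managementScope, managementScopes, scopeName) and the sample document are assumptions constructed for illustration; check them against your own saved configuration before relying on the output.

```python
import xml.etree.ElementTree as ET

XMI_ID = "{http://www.omg.org/XMI}id"  # ElementTree's expanded form of xmi:id

# Constructed sample; element and attribute names are assumptions (see lead-in).
SAMPLE_SECURITY_XML = """<security:Security
    xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="urn:example:security">
  <managementScopes xmi:id="ManagementScope_1" scopeName="(cell):ExampleCell"/>
  <managementScopes xmi:id="ManagementScope_2"
      scopeName="(cell):ExampleCell:(node):ExampleNode"/>
  <keySetGroups xmi:id="KeySetGroup_1" name="CellLTPAKeySetGroup"
      autoGenerate="true" managementScope="ManagementScope_1"/>
  <keySetGroups xmi:id="KeySetGroup_2" name="ExampleNodeGroup"
      autoGenerate="false" managementScope="ManagementScope_2"/>
  <keySetGroups xmi:id="KeySetGroup_3" name="ExampleUnsetGroup"
      managementScope="ManagementScope_2"/>
</security:Security>"""


def audit_key_set_groups(xml_text):
    """Return one record per key set group: scope, name, auto_generate."""
    root = ET.fromstring(xml_text)
    # Map each management scope id to its readable scope name.
    scopes = {s.get(XMI_ID): s.get("scopeName")
              for s in root.iter("managementScopes")}
    records = []
    for group in root.iter("keySetGroups"):
        raw = group.get("autoGenerate")
        # None = attribute absent: state unknown, so it is not treated as off.
        auto = None if raw is None else raw.strip().lower() == "true"
        records.append({
            "scope": scopes.get(group.get("managementScope"), "<unresolved scope>"),
            "name": group.get("name"),
            "auto_generate": auto,
        })
    return records


def needs_review(xml_text):
    """Groups not explicitly set to autoGenerate="false"."""
    return [(r["scope"], r["name"]) for r in audit_key_set_groups(xml_text)
            if r["auto_generate"] is not False]


if __name__ == "__main__":
    for scope, name in needs_review(SAMPLE_SECURITY_XML):
        print("automatic key generation not disabled: %s in %s" % (name, scope))
```

A group with no autoGenerate attribute is reported rather than assumed to be disabled, so an unexpected default cannot hide a group that still rotates its keys.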