Dynamic Agent Key Manual Rollover option is disabled

Document ID : KB000010612
Last Modified Date : 14/02/2018
Introduction:

The manual key rollover option for the Dynamic Agent Key is disabled by default.


This KB explains how to enable this feature.

 

Environment:
Policy server : r12.5 and above
Instructions:

1. Perform a full key store export by running the following command:

smkeyexport -d<admin> -w<password> -okeys.txt

 

2. Once the key store is exported, change the value of the IsEnabled option under KeyManagement from false to true:

Old :

objectclass: KeyManagement

Oid: 1a-XXXXX

IsEnabled: false

ChangeFrequency: 0

ChangeValue: 0

NewKeyTime: 0

OldKeyTime: 1502258688

FireHour: 0

PersistentKey: {RC2}2SraPUoK8PLYItUrJFCeck7rlcWl77g+3vpJY07rso39+ojFmbn7zn0IdwGjWeCQ

 

New :

objectclass: KeyManagement

Oid: 1a-XXXXX

IsEnabled: true

ChangeFrequency: 0

ChangeValue: 0

NewKeyTime: 0

OldKeyTime: 1502258688

FireHour: 0

PersistentKey: {RC2}2SraPUoK8PLYItUrJFCeck7rlcWl77g+3vpJY07rso39+ojFmbn7zn0IdwGjWeCQ

Note : DO NOT MAKE ANY OTHER CHANGE

 

3. After making the above change, save the export file and import it by running the following command:

smkeyimport -d<admin> -w<password> -ikeys.txt

4. You should now have the manual rollover option enabled for the dynamic agent key 
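
The edit in step 2 can be scripted so that only the IsEnabled line inside the KeyManagement object is touched, with a diff check before the import in step 3. This is an added example, not code from the original KB or from the vendor; the function names are hypothetical, the sample file is constructed, and it assumes every object in the export begins with an "objectclass:" line.

```shell
#!/bin/sh
# Added example: flip IsEnabled only inside the KeyManagement object of a
# key store export, then confirm that exactly one line changed.
# Assumption: every object in the export begins with an "objectclass:" line.

enable_rollover() {   # usage: enable_rollover <export-file> <output-file>
    awk '
        /^objectclass:/ { in_km = ($2 ~ /^KeyManagement\r?$/) }
        in_km && /^IsEnabled:[ \t]*false[ \t\r]*$/ { sub(/false/, "true"); n++ }
        { print }
        END { exit (n == 1 ? 0 : 1) }   # fail unless exactly one line was flipped
    ' "$1" > "$2"
}

changed_lines() {     # prints the number of lines that differ in the new file
    diff "$1" "$2" | grep -c '^>'
}

demo() {
    umask 077                      # the export holds key material
    dir=$(mktemp -d) || return 1
    # Constructed sample: the first object is a decoy, not real export content.
    cat > "$dir/keys.txt" <<'EOF'
objectclass: ExampleOther
Oid: 1b-XXXXX
IsEnabled: false
objectclass: KeyManagement
Oid: 1a-XXXXX
IsEnabled: false
ChangeFrequency: 0
EOF
    enable_rollover "$dir/keys.txt" "$dir/keys.new" &&
        [ "$(changed_lines "$dir/keys.txt" "$dir/keys.new")" -eq 1 ] &&
        grep -n '^IsEnabled' "$dir/keys.new"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

Import the edited file only when enable_rollover succeeds and changed_lines reports 1; delete both files once the import is done.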
