You can specify the shared keys and configure the authentication mechanism that is used to exchange information between servers to import and export LTPA keys across multiple WebSphere® Application Server cells.
Before you begin
You must be sure that the exported key file for the multiple cells is accessible on the host where WebSphere Application Server is running. Also, you must know the password that was used when the keys were exported.
Note: You should disable automatic key generation if you import or export keys to or from another cell. If automatic key generation stays enabled, the imported keys get lost and the exported keys no longer interoperate with this cell over time.
At runtime, the default key sets are NodeLTPASecret and NodeLTPAKeyPair. The default key group is NodeLTPAKeySetGroup. After generation, keys are stored in the default key store NodeLTPAKeys.
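A pre-import check for the exported key file described above, as an added example that is not part of the original documentation. It assumes the file is a Java .properties file carrying the `com.ibm.websphere.ltpa.*` property names listed in `REQUIRED` (taken from the export format, not from this page), and it treats group or other permission bits on the file as a finding, which is a policy choice of this example.

```python
import base64
import os
import stat

# Property names written to an exported LTPA key file (Java .properties format).
REQUIRED = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
    "com.ibm.websphere.ltpa.Realm",
)
# Constructed sample content: placeholder values, not key material.
SAMPLE = (
    "com.ibm.websphere.ltpa.3DESKey=Y29uc3RydWN0ZWQ\\=\n"
    "com.ibm.websphere.ltpa.PrivateKey=cGxhY2Vob2xkZXI\\=\n"
    "com.ibm.websphere.ltpa.PublicKey=%%%not-base64%%%\n"
)


def parse_properties(text):
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        key, sep, value = line.partition("=")
        if sep and line[0] not in "#!":  # skip blanks and comment lines
            # Properties.store() escapes '=' and ':' in values with a backslash.
            props[key.strip()] = value.strip().replace("\\=", "=").replace("\\:", ":")
    return props


def check_content(text):
    """Return problems found in the key file text (empty list: none found)."""
    props = parse_properties(text)
    problems = ["missing property: " + n for n in REQUIRED if not props.get(n)]
    for name in REQUIRED[:3]:  # the three key fields are base64 encoded
        try:
            base64.b64decode(props.get(name, ""), validate=True)
        except ValueError:
            problems.append("not valid base64: " + name)
    return problems


def check_key_file(path):
    """Check access and permissions, then the content, before an import."""
    if not (os.path.isfile(path) and os.access(path, os.R_OK)):
        return ["file is missing or not readable by this user"]
    problems = []
    if os.name == "posix" and os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file is accessible to group/other; restrict to owner")
    with open(path, encoding="latin-1") as fh:  # .properties files are ISO-8859-1
        return problems + check_content(fh.read())
```

Run `check_key_file` as the operating system user that runs the server process, so the readability result reflects what the import will see. The check does not validate the password; that is only confirmed by the import itself.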
About this task
Complete the following steps to manage LTPA keys using the administrative console.
Procedure
- Access the administrative console.
  Type http://fully_qualified_host_name:port_number/ibm/console to access the administrative console in a web browser.
- Verify that all of the WebSphere Application Server processes are running, including cells, nodes, and all of the application servers.
  If any of the servers are down at the time of key generation and then brought back up later, these servers might contain old keys. Copy the new set of keys to these servers, then bring them back up.
- Click Security > Global security > Authentication mechanisms and expiration.
- Click LTPA.
- Type the password for the LTPA keys in the Password field.
  Enter a password that is used to encrypt and decrypt the LTPA keys from the single sign-on (SSO) properties file. During import, this password should match the password that is used to export the keys at another LTPA server. During export, remember this password in order to provide it during the import operation.
- Type the password again in the Confirm password field.
- Select from among the following options:
- Start the server again for any changes you make to become active.
Results
The shared LTPA keys are now available for WebSphere Application Server to use for secure connections.
What to do next
After the keys are generated or imported, they are used to encrypt and decrypt the LTPA token. To view the latest key version, see Changing the number of active LTPA keys.