Disabling automatic generation of LTPA keys
You can disable the automatic generation of new Lightweight Third Party Authentication (LTPA) keys for key sets that are members of a key set group. Automatic generation creates new keys on a schedule specified when you configure a key set group, which manages one or more key sets. WebSphere Application Server uses key set groups to automatically generate cryptographic keys or multiple synchronized key sets. You must know the name of the key set group and the management scope where the key set group is defined.
The default key set group is CellLTPAKeySetGroup.
Overview
LTPA keys are used to encrypt the LTPA token. You might want to disable the auto-generation of these keys so that you can generate them on a schedule. The following steps are needed to complete this task in the administrative console.
Procedure
- Click Security > SSL certificate and key management > Manage endpoint security configurations.
- Expand the tree to the inbound or outbound management scope that contains the key set group, and then click the scope link.
- Under Related Items, click Key Set Groups.
- Click the key set group to disable.
- Clear the Automatically generate keys option.
- Click OK and Save to save the changes to the master configuration.
- Start the server again for the changes to become active.
Results
You have disabled the automatic generation of LTPA keys for the key sets in the key set group.You can generate keys manually at any time by completing the following steps:
- Open the key set group collection.
- Select the check box beside the key set group.
- Click Generate keys.
LTPA key sets and key set groups
Related tasks
Generating LTPA keys