WAS v8.5 > Secure applications > Authenticate users > Select an authentication mechanism > Configure LTPA and work with keys > Step 2. Generate keys manually or automatically, and control the number of active keys.Change the number of active LTPA keys
Key sets manage LTPA keys in a key store based on a key alias prefix. A key alias prefix is automatically generated when we generate a new key and store it in a key store. Key stores can contain multiple versions of keys for any given key alias prefix. We can specify a maximum number of active keys in the key set configuration.
You must know the name of the key set group and the management scope where the key set group is defined.
The default key set group that is created to manage LTPA keys is NodeLTPAKeySetGroup. Complete the following steps in the dmgr console.
LTPA keys are used to encrypt the LTPA token. You might want to set a specific number of active keys that WebSphere Application Server returns when the server queries for keys for a particular key set. The following steps are needed to complete this task in the dmgr console.
- Click Security > SSL certificate and key management > Manage endpoint security configurations.
- Expand the tree to the inbound or outbound management scope containing the key set group, and then click the scope link.
- Under Related Items, click Key Sets.
- Click the key set to modify.
- In the Maximum number of keys referenced field, type a numerical value for the maximum number of keys to activate.
- Click OK and Save to save the changes to the master configuration.
- Start the server again for the changes to become active. WAS activates only the number of recent keys that you specified.
Results
The Maximum number of keys referenced value determines how many active keys are returned when the server queries for keys for the selected key set.
We can click Active key history in the Key set panel to display the keys that are active for this key set.
Related concepts:
LTPA key sets and key set groups
Related
Generate LTPA keys