If multiple Management Servers are pointing to the same database, it is important that all servers use the same certificate to encrypt and decrypt passwords. When you set up an additional server, it will automatically install an encryption key. By default, the result will be two (or more) servers connected to one database, with each server attempting to use its own encryption key.

To ensure all servers use the same encryption, the Server Configuration Portal provides an Encryption page that enables you to share one certificate between multiple Management Servers. The encryption deployed uses the Microsoft Windows Cryptographic Service Provider to implement CryptoAPI.

The shared encryption requires you to nominate which encryption key to use for all servers. If one server has already been used to encrypt passwords, then that server must be the one that shares its encryption key.

Create transfer key

  1. From your nominated server, click the tree structure to navigate to the Encryption page.
    The presence of the encryption key is detected and the Encryption Key Status is shown as Valid.

  2. Click STORE.
    This action makes a transfer key available from the nominated server. The transfer key can then be retrieved by the other servers connected to the same database.

  3. Enter the required password to protect the transfer key.

Once the password has been stored, the transfer key will be available for retrieval by other servers connected to the same database.

Retrieve key

Apply the following steps on each additional server you have connected to your database.

  1. From your secondary server(s), click the tree structure to navigate to the Encryption page.

  2. Click RETRIEVE and re-enter the password to decrypt the transfer key.

This process ensures that all Management Servers share the same encryption key.

Delete key

After sharing the transfer key with all of your servers, you should delete it. The storage mechanism for the transfer key is not FIPS compliant, so the transfer key should only be stored in the database while you are sharing the encryption key. You can delete the transfer key by clicking the Delete button from the nominated server.
