Generating a Key Pair

The Application Server uses an asymmetric encryption system to communicate with a client, using a public-private key pair that you generate during installation.

The Application Server and Ivanti Device and Application Control clients contain an embedded default public and private key pair that should only be used with an evaluation license. Ivanti provides a Key Pair Generator utility, which generates a key pair for fully licensed application installations. The key pair ensures the integrity of communication between the Application Server and clients.

When an Application Server cannot find a valid key pair at startup, the event is logged and Ivanti Device and Application Control uses the default key pair.

Caution: When you are using Device Control, do not change the key pair in the following situations:

  • When media was encrypted before the key pair exchange. Changing the key pair disables password recovery for the previously encrypted media.
  • During an Ivanti Device and Application Control upgrade installation. Changing the key pair results in the loss of access to media previously encrypted centrally and subsequent loss of data.
  • During an Ivanti Device and Application Control upgrade installation when client hardening is enabled. Changing the key pair causes Application Control and Device Control installations to fail.

  1. From the location where you saved the Ivanti Device and Application Control application software, run the server\keygen\keygen.exe file.
    The Key Pair Generator dialog opens.
  2. In the Directory field, enter the name of the temporary directory where you will save the key pair.
  3. In the Seed field, type a random alphanumeric text string.
    This text is used to initialize the random number generator; the longer the text string, the more secure the key pair.
  4. Click Create keys.
    The Key Pair Generator confirmation dialog opens.
  5. Click OK.
    You return to the Key Pair Generator dialog.
  6. Click Exit.
    The keys are saved as sx-private.key and sx-public.key files in the directory you specified.

After Completing This Task:

Distribute the key pair by copying the sx-private.key and sx-public.key files to c:\windows\system32 on the computer(s) where you are installing the Application Server. At startup, the Application Server searches all drive locations for a valid key pair, stopping at the first valid key pair.
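
Because the Application Server stops at the first valid key pair it finds, a leftover copy of an older pair (for example in the temporary directory from step 2) can be picked up instead of the one you distributed. The following PowerShell audit is an added example, not part of the Ivanti documentation or tooling: it compares every sx-private.key and sx-public.key on the machine against the pair in c:\windows\system32. It assumes that only local fixed disks need to be scanned and that the System32 copy is the pair you intend to use; the `-Reference` parameter name is hypothetical.

```powershell
# Added example: audit a server for stray or mismatched copies of the key pair.
# Assumption: -Reference is the directory holding the pair the server should use.
param(
    [string]$Reference = "$env:SystemRoot\System32"
)

$names = 'sx-private.key', 'sx-public.key'

# Hash the reference pair; stop if either file is missing.
$expected = @{}
foreach ($name in $names) {
    $path = Join-Path $Reference $name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Reference key file not found: $path"
    }
    $expected[$name] = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
}

# Assumption: only local fixed disks (DriveType 3) are scanned.
$drives = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' |
    Select-Object -ExpandProperty DeviceID

# Collect every file on those disks that carries one of the key file names.
$found = foreach ($drive in $drives) {
    Get-ChildItem -Path "$drive\" -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $names -contains $_.Name }
}

# Compare each copy with the reference. Hashes are not printed, only the result.
$report = foreach ($file in $found) {
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    [pscustomobject]@{
        Path     = $file.FullName
        Matches  = ($hash -eq $expected[$file.Name])  # unreadable files report False
        Modified = $file.LastWriteTime
    }
}
$report | Sort-Object Matches, Path | Format-Table -AutoSize

# Flag copies that differ from the reference pair so they can be reviewed.
$stale = @($report | Where-Object { -not $_.Matches })
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) key file(s) differ from the reference pair in $Reference."
}
```

Run it from an elevated prompt so that protected directories are readable. Every copy of sx-private.key it lists, matching or not, is a location where the private key is stored and should be accounted for.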