Policy Server upgrade and Encryption Key value
search cancel

Policy Server upgrade and Encryption Key value


Article ID: 191522


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER


When planning a Policy Server upgrade, some questions might raise:

  1. What would be the Encryption Key (EncryptionKey) value? Will it be the same as exiting Policy Servers?
  2. When configuring the existing production Policy Store to start the new Policy Server.

    What measures are needed to be taken before and after starting the Policy Servers?
    What settings should be in-place to avoid any issues in existing production environment?

  3. When configuring the existing Key Store to start our new Policy Servers, what are the measures/settings that are needed to be taken to avoid any issues in Key Store?

    Static keys are in use in the Production environment.

  4. Will there be any other configuration setting needs to be taken care before starting the Policy Server?



Policy Server 12.8SP3 on RedHat 7;




  1. If the Policy Server uses the same Policy and Key Stores, then the Encryption Key (EncryptionKey) value should be the same (1)(2)(3).
  2. Before migrating the Policy Store data to another Policy Store instance, ensure that the Policy Store objects are completely healthy (4).
     Only set 1 Policy Server to roll the keys if there are dynamic Agent Keys (5)(6).

  3. About the question 3, see the answers on point 2 above.
  4. Finally, read carefully the Upgrade entire section from the documentation (7) to consider all the aspects of the upgrade process.



Additional Information