Introduction: 

During the install of the CA Secure Gateway (formerly CA Secure Proxy Server) one of the screens presented on install is one asking to "Enter the Master Key for Policy Server".

<Please see attached file for image>

Question: 

What is the "Master Key for Policy Server' ?

Environment:  

All (windows, linux, solaris)

Answer: 

There is some confusion as the policy server key that first comes to mind is the one that is stored in EncryptionKey.txt on the policy server, as this is the key used to encrypt sensitive data stored in the policy store and in the registry - this is not that key.

This key is the Session Assurance Master Key, which is used by the RiskMinder service which (since R12.52) is installed on default install of the Policy Server and the CA Secure Gateway.  So when you install either the Policy Server or the CA Secure Gateway you will be asked for this key.

The key that you enter on install of the CA Secure Gateway must match the one you entered when installing the Policy Server.  You can change this key by re-running the install process, selecting no entries and then you will be re-prompted for the new Session Assurance Master Key value. 

Additional Information:

How to Configure Enhanced Session Assurance with DeviceDNA(tm)
https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/configuring/policy-server-configuration/enhanced-session-assurance-with-devicedna