Creating Key Chain Objects
Procedure
Step 1 | Choose .
Step 2 | Choose Key Chain from the list of object types.
Step 3 | Click Add Key Chain.
Step 4 | In the Add Key Chain Object dialog box, enter a name for the key chain in the Name field. The name must start with an underscore or a letter, followed by alphanumeric characters or special characters (-, _, +, .).
Step 5 | To add a key to the key chain, click Add.
Step 6 | Specify the key identifier in the Key ID field. The key ID value can be between 0 and 255. Use the value 0 only when you want to signal an invalid key.
Step 7 | The Algorithm field and the Crypto Encryption Type field display the supported algorithm and the encryption type, namely MD5 and Plain Text respectively.
Step 8 | Enter the password in the Crypto Key String field, and re-enter the password in the Confirm Crypto Key String field.
Step 9 | To set the time interval for a device to accept/send the key during key exchange with another device, provide the lifetime values in the Accept Lifetime and Send Lifetime fields. The end time can be the duration, the absolute time when the accept/send lifetime ends, or never expires. The default end time is DateTime. Following are the validation rules for the start and end values:
Step 10 | Click Add. Repeat steps 5 to 10 to create keys. Create a minimum of two keys for a key chain with overlapping lifetimes. This helps to prevent loss of key-secured communication due to absence of an active key.
Step 11 | Manage overrides for the object:
Step 12 | Click Save.
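As an added example (not part of the original procedure or of any Cisco tooling), the Python below checks a planned key chain against the rules stated in Steps 4, 6 and 10 before the values are entered: the name pattern, the 0 to 255 key ID range, the two-key minimum, and overlapping accept and send lifetimes. The dictionary layout, function names and sample dates are assumptions made for illustration.

```python
import re
from datetime import datetime

# Step 4 name rule: a leading letter or underscore, then alphanumerics or - _ + .
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_+.\-]*")

def lifetime_gaps(windows):
    """Return (covered_until, next_start) pairs where consecutive lifetimes
    do not overlap. An end of None means the lifetime never expires."""
    ordered = sorted(windows, key=lambda w: w[0])
    gaps = []
    if not ordered:
        return gaps
    covered_until = ordered[0][1] or datetime.max
    for start, end in ordered[1:]:
        if start >= covered_until:  # touching or separated: no overlap
            gaps.append((covered_until, start))
        covered_until = max(covered_until, end or datetime.max)
    return gaps

def check_key_chain(name, keys):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append(f"name {name!r} violates the naming rule")
    for key in keys:
        if not 0 <= key["id"] <= 255:
            problems.append(f"key id {key['id']} is outside 0-255")
    if len(keys) < 2:
        problems.append("fewer than two keys in the chain")
    for field in ("accept", "send"):
        for until, start in lifetime_gaps([k[field] for k in keys]):
            problems.append(f"{field}: no overlap between {until} and {start}")
    return problems

# Constructed sample: key 2 starts sending a day after key 1 stops.
SAMPLE_KEYS = [
    {"id": 1, "accept": (datetime(2024, 1, 1), datetime(2024, 7, 1)),
     "send": (datetime(2024, 1, 1), datetime(2024, 6, 1))},
    {"id": 2, "accept": (datetime(2024, 6, 1), None),
     "send": (datetime(2024, 6, 2), None)},
]

if __name__ == "__main__":
    for problem in check_key_chain("_ospf-area0", SAMPLE_KEYS):
        print(problem)
```

With the constructed sample, the accept lifetimes overlap but the send lifetimes leave a one-day window with no active key, which is the condition Step 10 warns about.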
What to do next
- If an active policy references your object, deploy configuration changes.