Creating Key Chain Objects
Procedure
1. Choose .
2. Choose Key Chain from the list of object types.
3. Click Add Key Chain.
4. In the Add Key Chain Object dialog box, enter a name for the key chain in the Name field. The name must start with an underscore or a letter, followed by alphanumeric characters or special characters (-, _, +, .).
5. To add a key to the key chain, click Add.
6. Specify the key identifier in the Key ID field. The key ID value can be between 0 and 255. Use the value 0 only when you want to signal an invalid key.
7. The Algorithm field and the Crypto Encryption Type field display the supported algorithm and encryption type, namely MD5 and Plain Text respectively.
8. Enter the password in the Crypto Key String field, and re-enter the password in the Confirm Crypto Key String field.
9. To set the time interval for a device to accept/send the key during key exchange with another device, provide the lifetime values in the Accept Lifetime and Send Lifetime fields:
   The end time can be a duration, the absolute time when the accept/send lifetime ends, or never expires. The default end time is DateTime. Following are the validation rules for the start and end values:
10. Click Add. Repeat steps 5 to 10 to create keys. Create a minimum of two keys with overlapping lifetimes for a key chain. This helps to prevent loss of key-secured communication due to the absence of an active key.
11. Manage overrides for the object:
12. Click Save.
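The rules in steps 4, 6 and 10 can be checked offline before the keys are entered in the dialog. The following is an added example, not part of the product or of the original page. The chain name, the key data and the lifetime representation (a (start, end) pair whose end is an absolute time, a duration, or None for never expires) are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_+.\-]*")  # naming rule from step 4

def resolve_end(start, end):
    """End is an absolute time, a duration, or None for 'never expires'."""
    if end is None:
        return datetime.max
    return start + end if isinstance(end, timedelta) else end

def lifetime_gaps(windows):
    """Return (from, to) spans between consecutive windows that do not overlap."""
    spans = sorted((s, resolve_end(s, e)) for s, e in windows)
    gaps, covered_until = [], spans[0][1] if spans else None
    for start, end in spans[1:]:
        if start >= covered_until:  # touching windows do not overlap either
            gaps.append((covered_until, start))
        covered_until = max(covered_until, end)
    return gaps

def check_key_chain(name, keys):
    """keys: dicts with 'id', 'accept' and 'send'; lifetimes are (start, end)."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append(f"name {name!r} breaks the naming rule")
    for key in keys:
        if not 0 <= key["id"] <= 255:
            problems.append(f"key ID {key['id']} is outside 0-255")
        elif key["id"] == 0:
            problems.append("key ID 0 signals an invalid key")
    if len(keys) < 2:
        problems.append("fewer than two keys in the chain")
    for kind in ("accept", "send"):
        for start, end in lifetime_gaps([k[kind] for k in keys]):
            problems.append(f"no overlap in {kind} lifetime: {start:%Y-%m-%d} to {end:%Y-%m-%d}")
    return problems

# Constructed sample: key 2 is accepted early enough but is sent a month too late.
KEYS = [
    {"id": 1, "accept": (datetime(2025, 1, 1), datetime(2025, 7, 1)),
     "send": (datetime(2025, 1, 1), timedelta(days=180))},
    {"id": 2, "accept": (datetime(2025, 6, 15), None),
     "send": (datetime(2025, 8, 1), None)},
]

if __name__ == "__main__":
    for problem in check_key_chain("_core-keys.v1", KEYS):
        print(problem)
```

In the sample, key 1 stops being sent on 2025-06-30 and key 2 is not sent until 2025-08-01, so for that month the device has no active send key even though the accept lifetimes overlap.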
What to do next
- If an active policy references your object, deploy configuration changes.