Enable IMA Encryption After Installation
Website Visitors:you can enable IMA encryption after you install or upgrade to XenApp. To enable IMA encryption, perform the following tasks:
• On any server in the farm, use the IMA encryption utility to generate a key
• Load the key to that server and enable IMA encryption
• Load the key on subsequent servers on the farm
To generate a key and enable IMA encryption on the first server in a farm
1. On the server on which you want to enable IMA encryption, run the generate option of the CTXKEYTOOL command. The following is an example of the command line to use to accomplish this:
ctxkeytool generate full UNC or absolute path, including the file name of the key you want to generate, to the location where you want to store the key file. Citrix suggests naming the key after the farm on which it will be used; for example, farmakey.ctx. Citrix also suggests saving the key to a folder that uses the name of your farm; for example, Farm A Key.
2. Press ENTER. The following message appears indicating that you successfully generated a key file for that server, “Key successfully generated.”
3. To obtain the key from the file and put it in the correct location on the server, run the load option of the CTXKEYTOOL command on the server on which you want to add the key. The following is an example:
ctxkeytool load full UNC or absolute path, including the key file name, to the location where you stored the key file
4. Press ENTER. The following message appears indicating that you successfully loaded the key on to that server: “Key successfully loaded.” You are now ready to enable the IMA encryption feature in the data store.
5. Run the newkey option of the CTXKEYTOOL command to use the currently loaded key and enable the key.
ctxkeytool newkey
6. Press ENTER. The following message appears indicating that you successfully enabled the IMA encryption feature in the data store: “The key for this farm has been replaced. IMA Encryption is enabled for this farm.”
You must have a key on every server in the farm for IMA encryption to work correctly.
7. Continue to the next procedure to load the key to each server.
To load a key on subsequent servers in the farm
1. If you do not have the key file on a shared network location, on the next server on which you want to begin enabling IMA encryption, load the key file to the server from a diskette or a USB flash drive.
2. To obtain the key from the file and put it in the correct location on the server, run the load option of the CTXKEYTOOL command on the server on which you want to add the key. The following is an example:
ctxkeytool load full UNC or absolute path, including the key file name, to the location where you stored the key file
3. Press ENTER. The following message appears indicating that you successfully loaded the key on to that server, “Key successfully loaded.”
You do not need to enable IMA encryption again (using the newkey option) because you have already enabled it on one server in the farm.
4. Repeat this process on every server in the farm
Want to learn more on Citrix Automations and solutions???
Subscribe to get our latest content by email.