|Applies To||RSA ACE/Agent 4.4 for Windows NT (no longer supported as of 3-3-2003)|
RSA ACE/Agent 1.2 for Netscape
|Issue||How to share domain secrets between RSA ACE/Agent 1.2 for Netscape and RSA ACE/Agent 4.4 for Windows|
|Resolution||If RSA ACE/Agent 4.3 with the web option installed is available, it can be used as a configuration tool to bridge between the 2 systems.|
If RSA ACE/Agent 1.2 for Netscape is configured first, follow these steps:
1. Copy the data in the ACEAGENT.CFG for 'DomainData'
2. Using regedt32.exe, open or create the REG_BINARY key HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\WebID\DomainData. Then ensure the 'Hex' radio button is selected and paste in the data from step 1.
3. Using the ACE/Agent control panel applet, on the Web tab, select 'Manage Domain Secret'
4. Select to Export the domain secret specifying a password when prompted
5. Take the created file to the ACE/Agent 4.4 system and start the MMC utility by clicking the ISM from the ACE/Agent applet
6. View properties for the web server protected by RSA ACE/Agent for Web
7. Select the RSA SecurID tab
8. Select 'Manage Domain Configuration'
9. Enable the option for 'Accept & Generate 4.3 Compatible cookies'
10. Choose the option to 'Import Domain Secret from Another Server', and select the file that you have copied over. Enter its password when prompted.
These steps will take the text-based domain secret from the ACEAGENT.CFG file from Netscape and store it in the IIS 4.0 Metabase used by RSA ACE/Agent 4.4 for Windows.
If RSA ACE/Agent 4.4 for Windows is configured first, follow these steps:
1. From the RSA SecurID tab for the web instance on NT, select 'Manage Domain Configuration'. Ensure the option for 'Accept & Generate 4.3 Compatible Cookies' is enabled.
2. Select to 'Export Domain Secret to Another Server' when prompted allocate a password
3. Copy the file created in step 2 to the machine running RSA ACE/Agent 4.3 for Windows
4. Select the 'web' tab from the ACE/Agent control panel applet and click on 'Manage Domain Secret'
5. Select 'Import Domain Secret from other station' and select the copied file and enter the password when prompted
6. Run regedt32.exe and locate the key 'HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\WebID\DomainData'. Select to modify the key.
7. Ensure the 'Hex' radio button is selected and copy all the text into the paste buffer
8. Edit the ACEAGENT.CFG file for the Netscape server and paste the clipboard contents into the field for 'DomainData'
Either of these 2 methods can be used in accompaniment with the existing documentation to share domain secrets, and should be viewed as an addendum specifically to cover sharing between RSA ACE/Agent 1.2 for Netscape and RSA ACE/Agent 4.4 for Windows.
|Legacy Article ID||6.0.1711158.2784250|