|Applies To||Federated Identity Management Module 4.0|
|Issue||How do you replace or update an existing FIM keystore? A new keystore has been created to replace an existing keystore, but FIM does not appear to be using the new keys.|
|Cause||The FIM managed nodes read the keystore information from the filesystem when the system starts up and save it in cache. If any changes are made to the underlying keystore on the filesystem, FIM will not be aware of them until the managed nodes are restarted.|
|Resolution||This problem has been resolved in hotfix HF_24 for RSA FIM 4.1 and hotfix HF_24 for RSA FIM 4.0. Please contact RSA Support and request this hotfix or the latest cumulative hotfix for your platform. After you apply the hotfix, the behavior of RSA FIM changes: when RSA FIM encounters an error reading information from the cached copy of a keystore, it automatically flushes the old information from the cache and reads a new copy from the filesystem. This allows you to update the RSA FIM keystores on a running system.|
|Notes||If you add a new keystore with a new keystore name, FIM will be able to use it immediately after it is configured in the console, because there is no local copy of that keystore in cache. Similarly, if you change the password or alias name in the FIM console, those changes take effect immediately without a restart of the managed node, as long as there is a preexisting key in the keystore that matches the alias and password.|
|Legacy Article ID||a49633|
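
The caching behavior described in the Cause, Resolution and Notes rows, as a small Python model added here for illustration (it is not RSA FIM code). The class and function names, the JSON files standing in for keystores, and the `reload_on_error` switch are assumptions of the example; keystore passwords are left out.

```python
import json, os, tempfile

class KeystoreCache:
    """Toy model of a managed node's keystore cache (hypothetical, not RSA FIM code)."""
    def __init__(self, directory, reload_on_error):
        self.directory = directory
        self.reload_on_error = reload_on_error  # True models the post-hotfix behavior
        self.cache = {}                         # keystore name -> {alias: key}

    def _read_from_disk(self, name):
        with open(os.path.join(self.directory, name)) as fh:
            return json.load(fh)

    def get_key(self, name, alias):
        if name not in self.cache:              # no cached copy yet: read the file
            self.cache[name] = self._read_from_disk(name)
        try:
            return self.cache[name][alias]
        except KeyError:
            if not self.reload_on_error:
                raise                           # cached copy stays stale until restart
            self.cache[name] = self._read_from_disk(name)  # flush and re-read
            return self.cache[name][alias]

    def restart(self):
        self.cache.clear()                      # a restart discards every cached copy

def write_keystore(directory, name, entries):
    with open(os.path.join(directory, name), "w") as fh:
        json.dump(entries, fh)

def demo(reload_on_error):
    """Replace a keystore file under a running node and record each lookup outcome."""
    with tempfile.TemporaryDirectory() as d:
        write_keystore(d, "sign.ks", {"old-alias": "OLD-KEY"})   # constructed sample
        node = KeystoreCache(d, reload_on_error)
        node.get_key("sign.ks", "old-alias")                     # node caches the file
        write_keystore(d, "sign.ks", {"new-alias": "NEW-KEY"})   # admin replaces it
        results = {}
        try:
            results["replaced"] = node.get_key("sign.ks", "new-alias")
        except KeyError:
            results["replaced"] = "not found (stale cache)"
        write_keystore(d, "extra.ks", {"k": "EXTRA-KEY"})        # new keystore name
        results["new_name"] = node.get_key("extra.ks", "k")
        node.restart()
        results["after_restart"] = node.get_key("sign.ks", "new-alias")
        return results

if __name__ == "__main__":
    print("before hotfix:", demo(False))
    print("after hotfix: ", demo(True))
```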