Rekey a MID Server
- Updated Jan 30, 2025
- Yokohama
- MID Server
Rekey a MID Server to generate a new private key. Private keys are used to decrypt automation credentials, so that MID Servers can transmit information securely. Key pairs are initially generated when a MID Server is validated, and MID Servers should be rekeyed periodically to meet security requirements.
Before you begin
Role required: admin
About this task
Automation credentials are secured by encrypting them in the instance with the MID Server’s trusted public key prior to transmission. When the MID Server is created, it generates a keypair, consisting of a public and private key. After the MID Server is validated, it can use the private key to decrypt automation credentials. You should occasionally rekey the MID Server to meet your organization’s security requirements.
Procedure
- Navigate to .
- Open the MID Server whose keypairs you want to rotate.
- Under Related Links, click Rekey.
Related Content
- MID Server certificate check policies
MID Server uses three kinds of security checks to secure external traffic. The security checks use TLS/SSL certificate validation, hostname validation, and OCSP validation to improve security. Control these security checks with the MID Server certificate check policies table.
- Encrypt or decrypt MID Server configuration file values
The value of any MID Server parameter in the config.xml file can be encrypted. The attributes for all encrypted values are managed from within the configuration file, including the security attribute of the login password.
- MID Server configuration file security
Sensitive MID Server configuration data can be protected using several different schemes, including internal and external data encryption and external data storage.
- MID Server authentication credentials and SOAP requests
Set basic authentication credentials to update the web service invocation data. For added security, you can enforce basic authentication on each incoming SOAP request to the MID Server.
- MID Server unified key store
The MID Server unified key store allows all products on the MID Server to use common certificates and key pairs. This feature allows applications to use the same secure communication channel to the MID Server that the MID Server uses to connect to the instance.
- Enable MID Server mutual authentication
Configure the MID Server to use a client certificate for authenticating to the instance. This avoids the need to create basic authentication credentials in the Key Store for the MID Server's configuration.
- MID Server Azure Key Vault integration
The MID Server integration with the Azure Key vault enables Orchestration, Discovery, and Service Mapping to run without storing any credentials on the instance.
- MID Server command audit log
The command audit log records the commands run by the MID Server for the Discovery application. Review the commands to check for anomalies or errors.
- Add SSL certificates for the MID Server
Configure the MID Server to connect to a source over SSL.
- MID Server SSH cryptographic algorithms
The MID Server utilizes SSH clients to perform many discovery actions. During the SSH handshake, the client and server first determine which algorithms both parties support, then the client picks the highest-priority algorithm. For the Host Key Algorithm, the client picks the highest-priority algorithm that both parties support and that matches the key type.
- Attach a script file to a file synchronized MID Server
You can attach a script file to synchronize to a connected MID Server. Windows Internet Explorer enhanced security blocks downloaded files that it determines are potentially dangerous. However, synchronizing the files avoids this security problem.
- MID Server FIPS Enforced Mode
The MID Server supports the National Security Cloud (NSC) IL-5 environment, which requires all utilized cryptography to be FIPS validated. The MID Server can be run in FIPS Enforced Mode, where only FIPS-validated cryptographic algorithms are utilized.
- MID Server Governance
Improve MID Server security by setting an automatic timeout to invalidate and shut down inactive MID Servers. You can enable this feature and set the inactivity timeout period globally and for each MID Server.
- Validate the MID Server
You must manually validate the MID Server after it is installed to enable it to execute automation tasks. You can invalidate a MID Server you suspect has been compromised to prevent it from accessing automation credentials in the instance or executing outbound ECC probes.