Uploading multiple key files simultaneously

Uploading multiple keys simultaneously is useful in the following situations:

• Your web applications are secured by a large number of keys
• Keys expire and you must reload them frequently
• A single key is associated with more than one IP address

The bulk upload is a multistep process. First, you compose a bulk key management file, and then you upload it to the Real User Collector component. To perform this procedure, you must have Security-level access. 

Before you begin

You must know the names of all the SSL key files that you want to upload, their passwords, and the IP addresses that you want to associate each key with.

To compose a bulk key management file

1. Create a directory on your local computer, for example, MyKeys.
2. Create a subdirectory, for example, keys.
3. Copy all your keys into the keys subdirectory.
   Key files must be in the DER, PEM, or PFX format.
4. Create another subdirectory and name it keyconfig_.

5. Create the following XML file (you might name it _keyconf.xml for instance). Use the Key filestable for reference.

   <ssl>
     <sslKeys>
       <sslKey name="myKey01.pfx" active="true">
         <password><![CDATA[mypass01]]></password>
         <description><![CDATA[My first key.]]></description>
       </sslKey>
       <sslKey name="myKey02.pfx" active="true">
         <password><![CDATA[mypass02]]></password>
         <description><![CDATA[The second key.]]></description>
         </sslKey>
       <sslKey name="myKey03.pfx" active="true">
         <password><![CDATA[mypass03]]></password>
         <description><![CDATA[The third key.]]></description>
         </sslKey>
     </sslKeys>
   </ssl>
   

6. Save this file in the keyconfig subdirectory.
7. Create another subdirectory and name it ipmappingconfig.

8. Create the following XML file and save it in the ipmappingconfigsubdirectory.

   <ssl>
     <sslIPMappings>
       <sslIPMapping key="myKey01.pfx">
         <ipRange><![CDATA[192.0.2.12]]></ipRange>
         <portRange><![CDATA[443]]></portRange>
       </sslIPMapping>
       <sslIPMapping key="myKey02.pfx">
         <ipRange><![CDATA[192.0.2.13]]></ipRange>
         <portRange><![CDATA[443]]></portRange>
       </sslIPMapping>
       <sslIPMapping key="myKey03.pfx">
         <ipRange><![CDATA[192.0.2.14]]></ipRange>
         <portRange><![CDATA[443]]></portRange>
       </sslIPMapping>
     </sslIPMappings>
   </ssl>
   

9. Compress the MyKeys directory to a ZIP file named MyKeys.zip.
   
   Now you can upload the key management file to the Real User Collector component.

The key files in this example are:

To upload a bulk key management file

1. In the Real User Collector component, point to Administration > Security settings, and then click Key management.

2. On the Action menu, click Bulk Key upload.
3. Click Browse, locate the ZIP file that contains the keys (for example, MyKeys.zip), and then click Open.
4. Click Upload.
   
   The system uploads the files with cryptographic keys. For more information about creating XML files, see XML elements and attributes for key management.