Generating a New Encryption Key
The CS Authentication resource uses an encryption key for encrypting and decrypting cookie data. By default, when you unpack a site, the encryption key in the package is used (assuming one exists). The encryption key is stored in the AuthSetup.ini file in the package. If there is no key, a new key is generated by Commerce Server Site Packager, using AuthManager::GenerateEncryptionKey().
Every time you unpack a site, a new encryption key is created. If you package your own encryption key with the CS Authentication resource, then you will have the same key every time you unpack that custom package. If you want a new or separate key every time you unpack that site, after you unpack the site you must use the Generate New Encryption Key button in Commerce Server Manager.
Do not change the encryption key while a site is active. If you updated an encryption key while a site is active, existing MSCSAuth tickets would no longer be valid and users would have to log on again. A ticket that is encrypted with one key can only be decrypted with the same key.
.gif "Ee824942.note(en-US,CS.10).gif")
Note
- Before you update an existing encryption key, you must create a back up of the encryption key. Commerce Server does not create a back up for you. After you create the new key, the old one cannot be retrieved.
To generate a new encryption key
Expand Commerce Server Manager, expand Commerce Sites, and then click the site you want to administer.
Expand Applications, right-click the application you want to configure, and then click Properties.
At the bottom of the dialog box, click Generate New Encryption Key.
At the confirmation dialog box, click OK.