Backup of sensitive data (Overview)

The configuration files for OneSpan Authentication Server, Message Delivery Component, and the Tcl Command-Line Administration tool can be copied from the following folder:

/etc/vasco/ias (Linux)

%PROGRAMFILES%\VASCO\IDENTIKEY Authentication Server\bin (Windows)

The files to be copied are:

• identikeyconfig.xml. For all instances of OneSpan Authentication Server.
• mdcconfig.xml. A backup copy of one working file is sufficient.
• dpadmincmd.xml

Save the aforementioned files with an extension that describes the server from which the file(s) were backed up. This makes it easier and quicker to locate the correct file during recovery.

If you are using database encryption, you should back up all certificates and private keys used.

If you have enabled database encryption for the embedded MariaDB database, you need to back up the following files:

• cert/ca-cert.pem
• cert/ca-key.pem
• cert/client-cert.pem
• cert/client-key.pem
• cert/server-cert.pem
• cert/server-key.pem
• encr/dbkeys.enc

The cert and encr subfolders are usually located in the program data folder:

• %PROGRAMDATA%\VASCO\IDENTIKEY (Windows)
• /etc/vasco/ias (Linux)

Any SSL/TLS certificates and private keys used with OneSpan Authentication Server should be backed up.

For more information about SSL certificates generated by the Maintenance Wizard, refer to the OneSpan Authentication Server Administrator Guide.

The DIGIPASS export file (DPX) is provided on secure media, which can be stored securely as a backup. If you prefer another method for archiving, copy the files to your preferred location. It is important to keep the DPX file transport keys secure and preferably in a separate location from the DPX files.

For more information about protecting host files, see Protecting host files.