You should replace the RSA key pair in your UTM application with a new RSA key pair at regular intervals for security reasons. This is especially important if you use encryption levels lower than 5. The administration program interface and the administration tools WinAdmin and WebAdmin provide the corresponding functions.
See the openUTM manual "Administering Applications", KDCADMI operation code KC_ENCRYPT, or the online help system for WinAdmin or WebAdmin, keyword "RSA keys".
Using the administration functions you can create a new key pair, read its public key and activate the new key pair. Only after activation can the new key pair be used by the UTM application for encryption. An activated key pair can also be deleted using the administration facilities.
To further increase the security of the data on a connection, you should read the public key of the new RSA key pair, pass it to the client by a method of your own and store it there. You should only activate the new RSA key pair once this has been done. With the stored public RSA key, the client can verify whether the public key received over the connection to the UTM application really came from the UTM application.
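The client-side check described above, as an added example that is not part of the openUTM documentation or product: the client keeps the fingerprints of public keys it received out of band and accepts a key from the connection only if it matches one of them. The `PinnedKeyStore` class, its labels and the key bytes are constructed stand-ins (not real RSA keys or openUTM interfaces); during the switch both the old and the new key are pinned so that the new pair can be activated without breaking the connection.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint (hex) of the encoded public key; this is what the client stores."""
    return hashlib.sha256(public_key).hexdigest()


class PinnedKeyStore:
    """Client-side store of UTM public-key fingerprints delivered out of band (hypothetical name)."""

    def __init__(self) -> None:
        self._pins: dict[str, str] = {}  # label -> fingerprint

    def add(self, label: str, public_key: bytes) -> None:
        self._pins[label] = fingerprint(public_key)

    def remove(self, label: str) -> None:
        self._pins.pop(label, None)

    def verify(self, received_key: bytes) -> bool:
        """True only if the key received over the connection matches a pinned one; fails closed."""
        received = fingerprint(received_key)
        return any(hmac.compare_digest(received, pinned) for pinned in self._pins.values())


def rotation_walkthrough() -> dict[str, bool]:
    """Replays the procedure from the text with constructed stand-in key bytes (not real RSA keys)."""
    old_key = b"-----CONSTRUCTED OLD UTM PUBLIC KEY-----"
    new_key = b"-----CONSTRUCTED NEW UTM PUBLIC KEY-----"
    unknown_key = b"-----CONSTRUCTED KEY FROM ELSEWHERE-----"

    client = PinnedKeyStore()
    client.add("utm-key-current", old_key)  # key pair currently active on the UTM application
    results = {}
    # 1. New pair created and its public key read, but not yet activated: UTM still sends the old key.
    results["old_key_before_rotation"] = client.verify(old_key)
    # 2. Public key passed to the client by its own channel and stored; both pins valid during the switch.
    client.add("utm-key-next", new_key)
    results["old_key_during_switch"] = client.verify(old_key)
    results["new_key_during_switch"] = client.verify(new_key)
    # 3. New pair activated: the key now received over the connection is the new one.
    results["new_key_after_activation"] = client.verify(new_key)
    results["unpinned_key_rejected"] = not client.verify(unknown_key)
    # 4. Old pair deleted on the UTM side; drop its pin so it can no longer be accepted.
    client.remove("utm-key-current")
    results["old_key_after_removal"] = not client.verify(old_key)
    return results
```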