Changing the Master Password

All Certifier software private keys are stored in encrypted format in the internal database. The PIN codes of the hardware security modules, if used, are also encrypted in the database. Every Certifier installation has a master password, which is used to protect these objects. If the master password is lost, the whole PKI system may become inoperable, since the CA and RA software private keys (as well as other encrypted information) can no longer be accessed. Therefore it is critical to be extremely careful when changing this password!

After a new SSH Tectia Certifier installation, the master password is an empty string. This means that if encryption is to be taken into use, one of the first steps is to enter the master password on the Change Master Password page.

Figure: The Change Master Password page

When the password is given for the first time, the current password field can be left empty. Enter the new password in the Enter new password field and confirm it in the Same again field. Click the Commit button to take the new password into use, or Cancel to abort the operation.

After the master password has been taken into use, it has to be given to SSH Tectia Certifier every time the Engine is restarted; otherwise signature operations will not be possible.

There are two ways to pass the master password to the Engine. The master password can be specified on the command line when the Engine is started, or it can be provided in the Administration Service by an administrator. In the latter case, after operator login, the operator is prompted with the master password field and can type in the master password.

