
Setting Server Password

On Unix, the ssh-ca-repair script can also be used to set, change, or clear the server password. This password protects all the server private keys, which are used for:

  • Server-to-Engine communication
  • TLS-protected Administration or Web Enrollment Services
  • OCSP responder
  • TLS-client-authenticated LDAP publishing

These keys are stored in the server var/pki directory.

The following commands set, change, and clear the password:

ssh-ca-repair -serverpass-set

ssh-ca-repair -serverpass-change

ssh-ca-repair -serverpass-clear

When the server password is set, the server will not try to start automatically at system boot. The ssh-ca-start script must be run manually after reboots instead, and it will prompt for the server password.

On Windows, the server private key can be protected by using the ssh_keytool command. See Appendix Protecting Private Keys with Passwords.

