|[Front page] [Index]|
On Unix, the
ssh-ca-repair script can also be used to set, change, or clear the server password which protects all the server private keys which are used for:
- Server-to-Engine communication
- TLS-protected Administration or Web Enrollment Services
- OCSP responder
- TLS-client-authenticated LDAP publishing
These keys are stored in the server
The following commands set, change, and clear the password:
ssh-ca-repair -serverpass-set ssh-ca-repair -serverpass-change ssh-ca-repair -serverpass-clear
When the server password is set, the server will not try to start automatically at system boot. The
ssh-ca-start script must be run manually after reboots instead, and it will prompt for the server password.
On Windows, the server private key can be protected by using the
ssh_keytool command. See Appendix Protecting Private Keys with Passwords.
[Front page] [Index]