Your browser does not allow this site to store cookies and other data. Some functionality on this site may not work without them. See Privacy Policy for details on how we would use cookies.

PreviousNextUp[Front page] [Index]

Setting Server Password

On Unix, the ssh-ca-repair script can also be used to set, change, or clear the server password which protects all the server private keys which are used for:

  • Server-to-Engine communication
  • TLS-protected Administration or Web Enrollment Services
  • OCSP responder
  • TLS-client-authenticated LDAP publishing

These keys are stored in the server var/pki directory.

The following commands set, change, and clear the password:

ssh-ca-repair -serverpass-set

ssh-ca-repair -serverpass-change 

ssh-ca-repair -serverpass-clear

When the server password is set, the server will not try to start automatically at system boot. The ssh-ca-start script must be run manually after reboots instead, and it will prompt for the server password.

On Windows, the server private key can be protected by using the ssh_keytool command. See Appendix Protecting Private Keys with Passwords.

PreviousNextUp[Front page] [Index]