Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

PreviousNextUp[Front page] [Index]

Setting Server Password

On Unix, the ssh-ca-repair script can also be used to set, change, or clear the server password which protects all the server private keys which are used for:

  • Server-to-Engine communication
  • TLS-protected Administration or Web Enrollment Services
  • OCSP responder
  • TLS-client-authenticated LDAP publishing

These keys are stored in the server var/pki directory.

The following commands set, change, and clear the password:

ssh-ca-repair -serverpass-set

ssh-ca-repair -serverpass-change 

ssh-ca-repair -serverpass-clear

When the server password is set, the server will not try to start automatically at system boot. The ssh-ca-start script must be run manually after reboots instead, and it will prompt for the server password.

On Windows, the server private key can be protected by using the ssh_keytool command. See Appendix Protecting Private Keys with Passwords.


PreviousNextUp[Front page] [Index]

===AUTO_SCHEMA_MARKUP===