Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide

Configuring the Certificate Database Password

By default, Directory Server manages the SSL certificate database password internally through a stored password. When managing certificates, the user does not need to type a certificate password or specify the password file. This option is not very secure because the password is only hidden, not encrypted.

However, if you want to have more control over the use of certificates, you can configure the server so that the user is prompted for a password on the command line. In this case, the user must type the certificate database password for all dsadm subcommands except autostart, backup, disable-service, enable-service, info, reindex, restore, and stop. The certificate database is located in the directory instance-path/alias.

Procedure: To Configure the Server So the User is Prompted for a Certificate Password

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Stop the server.

    $ dsadm stop instance-path

  2. Set the password prompt flag to on.

    $ dsadm set-flags instance-path cert-pwd-prompt=on

    You are asked to choose a new certificate password.

  3. Start the server.

    $ dsadm start instance-path