N1 Service Provisioning System 4.1 Installation Guide

Using Passwords With SSL

If you supply a password for trust key store operations, the password is only used to verify the integrity of the key store. The password does not prevent access to the contents of the trust key store, but it does protect updates to the key store. Users are not able to change the contents of the key store without supplying the password.

If you supply a password for private key store operations, the password is used to verify the integrity of the key store, to protect against modification of the key store contents, and to encrypt and protect access to the private key.
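The trust key store behaviour described above, shown as an added example that is not part of the original guide or of the product's code. It assumes the key stores use the Java JKS format (the guide does not name the format); the function names, the password and the sample entry are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Assumption: JKS version 2 layout; only trusted-certificate entries are handled.
MAGIC, VERSION, TRUSTED_CERT = 0xFEEDFEED, 2, 2
WHITENER = b"Mighty Aphrodite"  # fixed string the JKS format mixes into the digest

def _utf(text):
    """Length-prefixed string as Java's writeUTF emits it (ASCII aliases only)."""
    raw = text.encode("utf-8")
    return struct.pack(">H", len(raw)) + raw

def _digest(password, body):
    # Keyed SHA-1: password as UTF-16BE, then the whitener, then the store body.
    return hashlib.sha1(password.encode("utf-16-be") + WHITENER + body).digest()

def build_trust_store(entries, password):
    """Build a trust store from {alias: cert_bytes} (constructed sample data)."""
    body = struct.pack(">III", MAGIC, VERSION, len(entries))
    for alias, cert in entries.items():
        body += struct.pack(">I", TRUSTED_CERT) + _utf(alias) + struct.pack(">Q", 0)
        body += _utf("X.509") + struct.pack(">I", len(cert)) + cert
    return body + _digest(password, body)

def read_trust_store(store):
    """Return {alias: cert_bytes}; no password needed, entries are not encrypted."""
    magic, version, count = struct.unpack_from(">III", store, 0)
    if magic != MAGIC or version != VERSION:
        raise ValueError("not a JKS version 2 store")
    pos, entries = 12, {}
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", store, pos)
        if tag != TRUSTED_CERT:
            raise ValueError("only trusted-certificate entries are handled here")
        (alen,) = struct.unpack_from(">H", store, pos + 4)
        alias = store[pos + 6:pos + 6 + alen].decode("utf-8")
        pos += 6 + alen + 8                      # skip alias and 8-byte timestamp
        (tlen,) = struct.unpack_from(">H", store, pos)
        pos += 2 + tlen                          # skip certificate type string
        (clen,) = struct.unpack_from(">I", store, pos)
        entries[alias] = store[pos + 4:pos + 4 + clen]
        pos += 4 + clen
    return entries

def verify_integrity(store, password):
    """True only if the trailing digest matches this password and these contents."""
    return hmac.compare_digest(_digest(password, store[:-20]), store[-20:])
```

A store whose contents were changed without the password still parses, but `verify_integrity` returns False for it, which is the check a loader relies on before trusting the entries.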

The crkeys script validates that you specified the same password for both key stores. When creating a trust store for the first time by importing certificates, the crkeys script ensures that the trust store has the same password as the private store, if one exists. Similarly, when creating a private store for the first time, the crkeys script ensures that the private store has the same password as the trust store, if one exists.

To use the crkeys script to prompt for and verify the key store password when starting applications, use the -vpass option. The crkeys script prompts the user for the key store password if any of the key stores exist, and verifies the password against the key store. If the verification succeeds, it prints the password on the standard output so that it can be fed into the application.