Sun Java System Directory Server Enterprise Edition 6.2 Administration Guide

Prompting for a Password to Access the Certificate Database

By default, the password for the certificate database is managed internally. Therefore, you do not need to type a certificate password or specify the password file. When the certificate database is managed internally through a stored password, the password is stored in a secure environment.

For more security and more control over certificates, configure Directory Proxy Server to prompt for a password on the command line. You are then prompted to enter the password for all dpadm subcommands except autostart, backup, disable-service, enable-service, info, restore, and stop.

For information about configuring Directory Proxy Server to prompt or not to prompt for passwords, see the following procedures.

Procedure: To Prompt for a Password to Access the Certificate Database

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Stop the server.

    $ dpadm stop instance-path
    Directory Proxy Server instance 'instance-path' stopped

  2. Set the password prompt flag to on, then type and confirm the certificate database password.

    $ dpadm set-flags instance-path cert-pwd-prompt=on
    Choose the certificate database password:
    Confirm the certificate database password:

  3. Start the server, then type the certificate database password.

    $ dpadm start instance-path
    Enter the certificate database password:

Procedure: To Disable the Password Prompt to Access the Certificate Database

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Stop the server.

    $ dpadm stop instance-path
    Directory Proxy Server instance 'instance-path' stopped

  2. Set the password prompt flag to off, then type the existing password.

    $ dpadm set-flags instance-path cert-pwd-prompt=off
    Enter the old password:

  3. Start the server.

    $ dpadm start instance-path