Previous Topic: Use a Server Certificate You Generate from a Third-Party Root CertificateNext Topic: Enterprise Management Server SSL Communication


Password-Protected Server Certificates

You can configure CA ControlMinder to use a password-protected server certificate; if you do, CA ControlMinder uses a specified password to protect the private key for the server certificate. CA ControlMinder stores the password in the crypto.dat file in the ACInstallDir/Data/crypto directory, where ACInstallDir is the directory in which you installed CA ControlMinder. The crypto.dat file is hidden, encrypted, read-only, and protected by CA ControlMinder. If CA ControlMinder is stopped, only the superuser can access the password.

If you create a password-protected server certificate, sechkey does not encrypt the certificate. If you create a server certificate that is not password-protected, sechkey encrypts the certificate using AES256 and the CA ControlMinder encryption key.