ggistra@xxxxxxx wrote:
Not technically, but it's a good idea to keep it around in case you want to issue additional certs. You can always create it from the contents of the pin.txt file (assuming you have the same password).Regarding "Using certutil" section in the "Managing SSL and SASL" chapter of the Administrator's Guide 7.1:The instructions seem to indicate that one should use the same password to protect* the key and certificate databases * the encryption key * the certificatesIs this correct? Is the pwdfile.txt still needed after the certificates are generated?
The "Enabling SSL ..." section of the same chapter talks about creating the password file needed to restart the server automatically. This is presumably the same password used to generate certificates (or is it not?).
It usually is the same, but it doesn't have to be.
Is there a way to achieve the unattended restart while avoiding placing the password in a cleartext file?You can also use the modutil -changepw command to change the password to a blank password (i.e. just hit Enter). But then your private key will be unprotected. It's essentially the same protection as the cleartext password file, but a little easier to manage.
Thanks,Gabi ------------------------------------------------------------------------ Get the MapQuest Toolbar <http://www.mapquest.com/toolbar?NCID=mpqmap00030000000003>, Maps, Traffic, Directions & More!------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
<<attachment: smime.p7s>>
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
