Setting a Pass Phrase

Restriction: This topic applies only when the Enterprise Server feature is enabled.

To enable the HTTPS listener to run, you need to enter the pass phrase that you defined for the private key file. In other situations, you might also have a pass phrase for the server certificate, which you would also need to enter. This tutorial does not require one.

There are two ways of setting the pass phrases. One way is to store the pass phrases in a file, and the other is to enter them once the enterprise server is started.

To set the pass phrase in a file:

  1. Edit the file mf-server.dat, located in $COBDIR/etc . If the file does not exist, create it.
  2. Add the following lines to mf-server.dat:
    [HTTPS Echo/SSL/passphrases]
    certificate=
    keyfile=open sesame

    It does not matter where in the file you add this section. If you like, you can add a comment (preceded by a ";") to describe the entry. Make sure the name HTTPS Echo is spelled exactly as it is in ES Admin.

    Note: If you are configuring the listener to start without a passphrase then use empty double quotes (keyfile="").
  3. Start ESDEMO from the home page of ES Admin.
  4. When ESDEMO has started, look at the Listeners page to make sure that the new listener HTTPS Echo has started, as with the other listeners.

To set the pass phrase manually without using a file:

  1. Start ESDEMO from the home page of ES Admin.
  2. When ESDEMO has started, go to the Listeners page. If you didn't enter the pass phrase in the above file, the status of the listener HTTPS Echo is Start Pending.
  3. Click Authorize in the Status column of HTTPS Echo. This displays the SSL Listeners page in a separate browser window.
  4. Enter open sesame in the Keyfile Passphrase field, then click Set passphrases. You can leave the Certificate Passphrase field blank, since you did not define a certificate pass phrase.
  5. Confirm that the HTTPS Echo is now started by viewing the main Listeners page (and clicking Refresh if necessary).

If you ever have problems starting or running an SSL-enabled listener, it can be useful to look at the MFCS log. Click Server > Diagnostics > CS Console.