To Configure the Passphrase in a File

Restriction: This topic applies only when the Enterprise Server feature is enabled.

You can configure the passphrases that a listener requires in the mf-server.dat file. When you start the listener, it retrieves the passphrases from the file, and you do not need to configure them manually.

If you are securing the Communications Process use the name of the enterprise server region as the listener name.

By default, the mf-server.dat file is in the %ProgramFiles(x86)%\Micro Focus\Visual COBOL\bin or \bin64 (Windows) or $COBDIR/etc (UNIX) directory:

  1. Open the mf-server.dat file in a text editor.
  2. In the file, add the following lines:
    [Listener-name/SSL/passphrases]
    certificate=certificate passphrase
    keyfile=keyfile passphrase
    
    where:
    Listener-name
    Is the name of the listener.
    certificate passphrase
    Is the certificate's passphrase.
    keyfile passphrase
    Is the keyfile's passphrase.
    Note: If you are configuring the listener to start without a passphrase then use empty double quotes (keyfile="").
  3. Save the file and start the listener. The listener retrieves the passphrases from the file and starts.
Note: The passphrases appear in plain text in the mf-server.dat file. For security purposes, you should make this file readable only by the user account (or accounts) under which the enterprise server is started. That would normally be the account under which Micro Focus Directory Server (MFDS) runs, this is typically LOCAL_SYSTEM and the accounts of any users who run casstart from the command line.
Note: You can use the Micro Focus Vault Facility to store a secret for the certificate and keyfile pass phrases. This can be specified in the mf-server.dat file and takes the following form:
mfsecret:configuration-name:secret-path

or:

mfsecret::secret-path

or:

mfsecret:secret-path