Automatic start-up for SSL-enabled instances of Fedora Directory Server
Fedora Directory Server protects its internal, software-based cryptographic repository with a PIN (passphrase).
When an instance of Fedora Directory Server is configured for SSL/TLS support, the start-up script by default prompts interactively for that PIN in order to unlock the private key. This is a problem for unattended system start-ups, where nobody is at the console to type it.
However, Fedora Directory Server can be configured so that the PIN is stored in a configuration file readable only by root. During start-up, the directory server instance then reads the PIN from that file without prompting for it.
The PIN is stored in a file called:
/opt/fedora-ds/alias/slapd-[instance_name]-pin.txt
and should contain a single line with the following format:
Internal (Software) Token:[pin or passphrase]
For example, if the Fedora Directory Server instance is named "server1" and the PIN or passphrase needed to unlock the SSL/TLS private key is "secret":
# echo "Internal (Software) Token:secret" > \
    /opt/fedora-ds/alias/slapd-server1-pin.txt
Since the file holds the passphrase in clear text, make sure it ends up owned by root and readable only by root (mode 0600): a file created by a plain redirection under the usual default umask is world-readable, which defeats the point of the scheme.
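The following is an added example, not taken from the original post or from the Fedora Directory Server project. It writes the PIN file with the token line and path layout described above, but creates it with restrictive permissions from the start (via umask) rather than fixing them up afterwards, and includes a check that verifies both the mode and the single-line format. The base directory is a parameter (an assumption for testing purposes); on a real server it would be /opt/fedora-ds/alias and the commands would be run as root.

```shell
#!/bin/sh
# Added example (not part of the original post or of Fedora Directory Server).
# Writes a PIN file of the form slapd-<instance>-pin.txt containing the line
#   Internal (Software) Token:<pin>
# and checks that it is not readable by anyone other than its owner.

# write_pin_file BASE_DIR INSTANCE PIN
# Creates BASE_DIR/slapd-INSTANCE-pin.txt with mode 0600. The umask is set
# inside a subshell so the file is never world-readable, not even between
# creation and a later chmod; the caller's umask is left untouched.
# Prints the path of the file that was written.
write_pin_file() {
    base_dir=$1
    instance=$2
    pin=$3
    pin_file="$base_dir/slapd-$instance-pin.txt"

    ( umask 077 && printf 'Internal (Software) Token:%s\n' "$pin" > "$pin_file" ) || return 1
    # Belt and braces in case the file already existed with looser permissions.
    chmod 600 "$pin_file" || return 1
    printf '%s\n' "$pin_file"
}

# check_pin_file FILE
# Returns 0 if FILE is mode 0600 (or 0400) and holds exactly one line that
# starts with the internal token name followed by a non-empty PIN.
# Prints a reason and returns 1 otherwise. Ownership by root is expected on
# a real installation but is not checked here, so the check can run as an
# ordinary user during testing.
check_pin_file() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file"; return 1; }

    # GNU stat uses -c, BSD/macOS stat uses -f.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file" 2>/dev/null)
    case "$mode" in
        600|0600|400|0400) ;;
        *) echo "permissions too open ($mode): $file"; return 1 ;;
    esac

    lines=$(wc -l < "$file" | tr -d ' ')
    [ "$lines" -eq 1 ] || { echo "expected exactly 1 line, found $lines: $file"; return 1; }

    head -n 1 "$file" | grep -q '^Internal (Software) Token:.' \
        || { echo "unexpected format: $file"; return 1; }
    return 0
}

# Usage on a real server (run as root; /opt/fedora-ds/alias is the path from the post):
#   write_pin_file /opt/fedora-ds/alias server1 secret
#   check_pin_file /opt/fedora-ds/alias/slapd-server1-pin.txt
```

The check is worth wiring into whatever verifies the host's configuration: the PIN file only buys you unattended start-up at the cost of a cleartext secret on disk, so its permissions are the entire protection and should be audited, not assumed.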