Using the certificate password loading file

The following are examples from a certificate password loading file for NIM OpenSSL certificates.

The file is located in the /usr/samples/nim/ssl directory. It helps users store the password used to decrypt the NIM master's client key. The password provided must match the password used to encrypt the NIM master's client key during NIM SSL configuration.

To load the encrypted key's password in the NIM environment:
# certpasswd
To unload the encrypted key's password from the NIM environment:
# certpasswd -u
Only the NIM master's client key may be password encrypted. To password encrypt the NIM master's client key, complete the following steps:
  1. On the NIM master, edit the /ssl_nimsh/configs/client.cnf config file.
  2. Locate the encrypt_key variable and change the value to yes.
  3. Add the output_password variable underneath encrypt_key and specify the password. If you do not specify output_password, you will be prompted for the password during key generation.
  4. Type the following command:
    # make -f /usr/samples/nim/ssl/SSL_Makefile.mk client
  5. On each SSL client, copy the new server.pem file using the nimclient -c command.
  6. Load the password into the NIM environment using certpasswd.
When you use password-encrypted keys, NIM commands may fail with the following error if the correct password is not loaded:
0042-157 nconn: unable to access the "clientkey.pem" file
After the password is loaded, it is used to decrypt the client key until you unload the password.
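
The following is an added example, not part of the original documentation or of NIM itself: a shell check to run after the key-encryption steps above, confirming from the PEM header that the client key really is password encrypted and reporting whether output_password was left in the config file in cleartext. It assumes client.cnf uses OpenSSL-style `name = value` lines and that the key is PEM encoded; the function names and the sample data are constructed for illustration, and both file paths are supplied by the caller.

```shell
#!/bin/sh
# Added example (not IBM's code): audit the result of the key-encryption steps.

# key_state FILE -> prints "encrypted", "plaintext" or "unknown".
# Classifies a PEM private key by its headers only; nothing is decrypted.
key_state() {
    [ -r "$1" ] || { echo unknown; return; }
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted      # PKCS#8 encrypted key has its own PEM label
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # traditional format marks encryption in a header
    elif grep -Eq -e '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# cnf_value FILE NAME -> value assigned to NAME (last match; commented-out
# lines are skipped; section headers are ignored, which is a simplification).
cnf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_nim_key CNF KEY -> one finding per line; returns 0 only if none.
audit_nim_key() {
    rc=0
    [ "$(cnf_value "$1" encrypt_key)" = yes ] ||
        { echo "cnf: encrypt_key is not yes"; rc=1; }
    [ -z "$(cnf_value "$1" output_password)" ] ||
        { echo "cnf: output_password stored in cleartext"; rc=1; }
    [ "$(key_state "$2")" = encrypted ] ||
        { echo "key: not password encrypted"; rc=1; }
    return $rc
}

# With two arguments, audit those files; otherwise run on constructed samples.
if [ $# -eq 2 ]; then
    audit_nim_key "$1" "$2" || true
else
    d=$(mktemp -d)
    printf 'encrypt_key = yes\noutput_password = example-only\n' > "$d/client.cnf"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' > "$d/clientkey.pem"
    audit_nim_key "$d/client.cnf" "$d/clientkey.pem" || true
    rm -rf "$d"
fi
```

A "key: not password encrypted" finding after step 4 means the key was generated without encryption, in which case loading a password with certpasswd has nothing to decrypt.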