To set a passphrase for a TLS-enabled listener

You can configure a pass phrase in the mf-server.dat file. See To Configure the Passphrase in a File for more information. Alternatively, you can set it before you start the enterprise server region. To set a pass phrase before you start the region in ESCWA:

  1. In the menu bar, click Native.
  2. In the navigation tab, click Directory Servers and choose your enterprise server region.
  3. Click General > Listeners.

    Find your TLS-enabled listener. The Status column should indicate Stopped and the Status Log column should display OK.

  4. Click the Edit icon at the end of the row.

    This will display the Listener Properties.

  5. Click TLS Settings.

    This expands the security properties.

  6. Check Enable TLS.
  7. In the Certificate File and Keyfile fields, type the paths to the files.
    Note: You can use the Micro Focus Vault Facility to store a secret for the Authorized ID and Password fields. These fields can be specified using the forms: 
    mfsecret:configuration-name:secret-path

    or: 

    mfsecret::secret-path

    or: 

    mfsecret:secret-path
  8. You can now start the region.
Note: If you have problems starting or running an TLS-enabled listener, it can be useful to look at the Communications Log. In ESCWA, click Monitor > Logs > Communications Log.

The pass phrase is not tested against the certificate and keyfile until an attempt is made to start the listener.

Parent topic: Configuring SSL Security