Start and configure password server in Certificate Manager

This article is related to the startup sequence of servers in Smart ID Certificate Manager (CM).

If at least one cryptographic device requires a PIN that is not configured and not using a PIN pad, the CIS service starts a temporary web server (the password server) and a web browser must be used to enter the required PIN codes. This instruction describes how to start, stop and configure the password server.

Start password server

The CIS service will start a temporary web server - the password server - if at least one of the cryptographic devices, installed and configured in cis.conf, requires a PIN that is not configured and is not using a PIN pad.
The CIS service will wait until the required PIN codes are entered in a web browser.
The input fields in the web form are labelled with the name of the device.

Stop password server

The password server is stopped when all PIN codes have been entered.
The start sequence of the CIS service continues.

Configure password server

The password server will bind to localhost and listen on port 5080 with the default configuration. The actual configuration is shown in the log messages.

Configure the bind address and port of the password server in cis.conf.

Logging in password server

This is an example of the logging from the password server when pin codes are required, output in the CIS log file (log-<date>.log).

Example: Logging from the password server

CODE

[2013/02/13:13:20:37] oper info CIS-PasswordServer Server started:\
localhost:5080
[2013/02/13:13:20:37] oper info CIS-PasswordServer Devices require\
password: [PIN-protected Soft Token, CryptoServer (RSA)]
[2013/02/13:13:21:25] oper info CIS-PasswordServer All passwords received,\
server stops: localhost:5080

Related information