Changing A Token's Password; Hardware Cryptographic Accelerators - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Changing a Token's Password

The token, internal or external, that stores the key pairs and certificates for the
subsystems is protected (encrypted) by a password. To decrypt the key pairs or to
gain access to them, you must enter that password. The first time you specified this
password is when you used the token the first time, most likely during CMS
installation.
It is good security practice to periodically change the password that protects your
server's keys and certificates; changing the password periodically minimizes the
risk of someone finding out the password. To change a token's password, use the
command-line utility called the Key Database Tool, which is documented in CMS
Command-Line Tools Guide.
Note that the single sign-on password cache stores the passwords for tokens in
order to start the server using a single password; for details, see "Required Start-up
Information" on page 312. Whenever you change the password, the cache is
updated with the new password.

Hardware Cryptographic Accelerators

Certificate Management System allows you to use hardware cryptographic
accelerators with external tokens. Many of the accelerators provide the following
security features:
• Fast SSL connections—speed is important if you want your Certificate
Manager, Registration Manager, or Data Recovery Manager to be able to
accommodate a high number of simultaneous enrollment or service requests.
• Hardware protection of private keys—these devices behave like smart cards, in
that they do not allow the private keys to be copied or removed from the
hardware token. This is important if you are concerned about the risks
associated with key theft from an active attacker of your online Registration
Manager or Certificate Manager.
Hardware Cryptographic Accelerators
Chapter 14 Managing CMS Keys and Certificates 455