Creating a Trust Database
90 Netscape Enterprise Server Administrator’s Guide • April 2002 (Draft)

6. For the Server Manager, click Apply, and then Restart for changes to take effect.

After creating a certificate trust database for your server, you can request a certificate and submit it to a Certificate Authority (CA). If your company has its own internal CA, request your certificate from them. If you plan to purchase your certificate from a commercial CA, choose a CA and ask for the specific format of the information they require. A list of available certificate authorities, including links to their sites, is available on the Request a Certificate page. For more information on what CAs may require, a list of Certificate Authorities is available through both the Server Administrator and Server Manager Security Pages under Request a Certificate.

The Administration Server can have only one server certificate. Each server instance can have its own server certificate. You can select a server instance certificate for each virtual server.

Using password.conf

Normally, you cannot start a UNIX SSL-enabled server with the /etc/rc.local or the /etc/inittab files, because the server requires a password before starting. By default, the web server prompts the administrator for the key database password before starting up. If you must be able to start/restart an unattended web server, you can save the password in a password.conf file, but this is not recommended. Only do this if your system is adequately protected so that this file and the key databases are not compromised. The server’s password.conf file should be owned by root or the user who installed the server, and only the owner should have read or write access.

On UNIX, leaving the SSL-enabled server’s password in the password.conf file is a security risk. Anyone who can access the file has access to the SSL-enabled server’s password. Consider the security risks before keeping the SSL-enabled server’s password in the password.conf file.

On Windows NT/Windows 2000, if you have an NTFS file system, you should protect the directory that contains the password.conf file by restricting its access, even if you do not use the file. The directory should have read/write permissions for the administration server user and the web server user. Protecting the directory prevents others from creating a false password.conf file. You cannot protect directories or files on FAT file systems by restricting access to them.
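
The UNIX ownership and permission requirement for password.conf can be checked with a short audit script. The following is an added example, not code from the guide or the server product; the function names, the constructed demo file, and the extra check on the containing directory (the guide gives that advice only for NTFS) are assumptions made for illustration. The same function can be pointed at the key database files.

```python
import os
import pwd
import stat
import tempfile

def owner_name(uid):
    """Map a uid to a user name, falling back to the number if unmapped."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def audit_secret_file(path, allowed_owners=("root",)):
    """Return findings for one file; an empty list means it passes."""
    try:
        st = os.lstat(path)  # lstat: a symlink must not stand in for the file
    except FileNotFoundError:
        return [f"{path}: missing"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    findings = []
    owner = owner_name(st.st_uid)
    if owner not in allowed_owners:
        findings.append(f"{path}: owner {owner} not in {sorted(allowed_owners)}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:  # any group/other bit means more than the owner has access
        findings.append(f"{path}: mode {mode:04o} gives group/other access")
    # Assumption beyond the guide's UNIX text: apply its NTFS directory advice
    # here too, since a directory others can write lets them swap the file.
    parent = os.path.dirname(os.path.abspath(path))
    if stat.S_IMODE(os.stat(parent).st_mode) & 0o022:
        findings.append(f"{parent}: directory writable by group/other")
    return findings

if __name__ == "__main__":
    # Constructed demo: a throwaway directory stands in for the server's config
    # directory, and the file content is a placeholder, not a real password.
    me = owner_name(os.getuid())
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "password.conf")
        with open(conf, "w") as fh:
            fh.write("placeholder\n")
        for mode in (0o644, 0o600):
            os.chmod(conf, mode)
            result = audit_secret_file(conf, allowed_owners=("root", me))
            print(f"{mode:04o}:", result or "OK")
```

Pass the account that installed the server in allowed_owners alongside root, and run the audit before enabling unattended startup and again after any restore or migration that may reset file modes.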