On Apr 5, 2013, at 19:33 , Morgen Sagen wrote:
Calendar server uses a couple different mechanisms to acquire a certificate's passphrase:
1) It will run the program specified in caldavd.plist "SSLCertAdmin", which defaults to /Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin on OS X Server. It passes "--get-private-key-passphrase /path/to/private.key" to that program which returns the passphrase on stdout.
2) It will run the program specified in caldavd.plist "SSLPassPhraseDialog", which defaults to /etc/apache2/getsslpassphrase. It determines whether the key type is DSA or RSA, and then <serverhostname>:<port> <keytype> to that program which returns the passphrase on stdout.
You could try configuring the SSLPassPhraseDialog key to an appropriate program on your system. The problem is I don't know if this will work if the program you specify needs to interact with a tty to prompt for the passphrase because the calendar server worker processes don't have a tty as far as I know.
Glyph, Fred and Morgen, thanks for your help on this issue. I confirm that once I strip the password from the key, caldavd works as expected. I will check whether I can use security(1) tool in place of SSLPassPhraseDialog (with some modifications to caldavd's code), as I don't have certadmin on my Mac OS X. Thanks once again, Nikola