The step-ca server has several different password-related startup command line options for different purposes, including but perhaps not limited to: --password-file --ssh-host-password-file --ssh-user-password-file --issuer-password-file --provisioner-password-file Of these, the FreeBSD rc.d script only seems to support --password-file. Things can still *work*, because if a more specific one is missing, it will default to the value of --password-file (although see note below), but it would be best to use the more specific ones as appropriate. NOTE: I'm unfamiliar with --issuer-password-file, and I don't know for sure that it will default to --password-file like the others do. Thanks.