You can configure the passphrases that a listener requires in the mf-server.dat file. When you start the listener, it retrieves the passphrases from the file, and you do not need to configure them manually.
If you are securing the Communications Process use the name of the region as the listener name.
By default, the mf-server.dat file is in the $COBDIR/etc directory:
[Listener-name/SSL/passphrases] certificate=certificate passphrase keyfile=keyfile passphrasewhere: