The patch of Nginx SSL: PEM pass phrase problem

James_Lee nginx-forum at
Fri Sep 2 06:03:03 UTC 2011


If we configured SSL in Nginx and the Private Key files are encrypted,
then the following dialog occurs at Nginx startup time:
         Enter PEM pass phrase:

This may be difficult for management. Sometimes it is necessary to avoid the
interactive dialog at startup time.
So I developed a patch for the Nginx ssl module. I hope it is helpful!

Directive:  ssl_pass_phrase_dialog
Description: Type of pass phrase dialog for encrypted private keys
Syntax: ssl_pass_phrase_dialog type
Default: ssl_pass_phrase_dialog builtin
Context: http, server

When Nginx starts up it has to read the various Certificate (see
ssl_certificate) and Private Key (see ssl_certificate_key) files of the
SSL-enabled virtual servers. Because for security reasons the Private
Key files are usually encrypted, ngx_ssl module needs to query the
administrator for a Pass Phrase in order to decrypt those files. This
query can be done in two ways which can be configured by type:

 *  builtin

    This is the default where an interactive terminal dialog occurs at
    startup time. Here the administrator has to manually enter the Pass
    Phrase for each encrypted Private Key file.

 *  exec:/path/to/program

    Here an external program is configured which is called at startup
    for each encrypted Private Key file.

(1) ssl_pass_phrase_dialog builtin;
The "Enter PEM pass phrase:" prompt will occur at Nginx startup time.

(2) ssl_pass_phrase_dialog "exec:/home/ssl_files/";
The code of
echo "password"

The relevant configuration in Apache is:

If more information is needed, please refer to the Nginx HttpSslModule:

This patch has been tested in nginx-0.8.54.

The download URL is:

--------------------------------------------------------------------  (Here # is @ in fact)

Posted at Nginx Forum:,214641,214641#msg-214641
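
The helper shown in the post is a one-line `echo "password"`, which keeps the pass phrase inside the script itself. As an added example (not part of the original post or the patch), the helper below prints the pass phrase from a separate file only when that file is a regular file owned by the calling user with no group or other permission bits. The file path, the script name `ssl-pass-phrase.sh`, and the idea that the patch reads the pass phrase from the program's standard output are assumptions, not taken from the patch.

```shell
#!/bin/sh
# Added example: pass-phrase helper for "ssl_pass_phrase_dialog exec:...".
# Assumption: the patch takes the program's standard output as the pass
# phrase, as the post's one-line `echo "password"` helper implies.

# Hypothetical location of the pass-phrase file (not from the post).
PASS_FILE="${PASS_FILE:-/etc/nginx/ssl/key.pass}"

# Print the first line of "$1" only if it is a regular file (not a symlink),
# owned by the calling user, with no group/other permission bits set.
emit_pass_phrase() {
    file=$1
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "pass-phrase helper: $file is not a regular file" >&2
        return 1
    fi
    # ls -ldn prints e.g. "-rw------- 1 0 0 ..."; columns 5-10 are the
    # group and other permission bits, field 3 is the numeric owner.
    listing=$(ls -ldn -- "$file") || return 1
    perms=$(printf '%s\n' "$listing" | cut -c5-10)
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    if [ "$perms" != "------" ]; then
        echo "pass-phrase helper: $file is accessible to group/other" >&2
        return 1
    fi
    if [ "$owner" != "$(id -u)" ]; then
        echo "pass-phrase helper: $file is not owned by uid $(id -u)" >&2
        return 1
    fi
    # Emit only the first line; an empty file is treated as an error.
    IFS= read -r phrase < "$file" || [ -n "$phrase" ] || return 1
    printf '%s\n' "$phrase"
}

# Run only when installed under the hypothetical name ssl-pass-phrase.sh,
# so sourcing this file elsewhere has no side effects.
case "${0##*/}" in
    ssl-pass-phrase.sh) emit_pass_phrase "$PASS_FILE" ;;
esac
```

If a check fails, the helper prints nothing on standard output and returns non-zero, so a loosened file mode shows up as a failed startup rather than going unnoticed.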
