Old topic ssl private key with passphrase

Aleksandar Lazic al-nginx at none.at
Thu Apr 24 11:03:21 UTC 2014


Am 24-04-2014 10:54, schrieb Maxim Dounin:
> Hello!
> On Wed, Apr 23, 2014 at 08:32:57PM +0200, Aleksandar Lazic wrote:
>> Hi.
>> Am 23-04-2014 18:19, schrieb Maxim Dounin:


>> I also agree that this is a very hard task.
>> >So the question is: why do you need it?
>> If you want to get a specific certificate for some standars.
> Well, that's not about security either, and completely
> non-technical.
> I've seen "certifications" requiring to use software with known
> remote code execution vulnerabilities, and I'm quite sceptical
> about doing something just because of certification requirements,
> without understanding the reasons behind them (if any).
> Anyway, if you know a standard which requires storing of
> keys in password-protected forms only - please point it out.


BR Aleks

More information about the nginx mailing list