Nginx failing to ask for PEM SSL key password
al-nginx at none.at
Wed Nov 18 22:02:38 UTC 2015
Am 17-11-2015 21:13, schrieb lakarjail:
> Please note that :
> - nginx server starts correctly in command line (#nginx ), not using
> service. SSL configuration (like file locations and permissions seems
> therefore correct). Password is -that way- asked on terminal.
> - when doing the same SSL configuration with Apache2, the password
> well required when starting/restarting Apache2 server with "service
> == Problem and Question ==
> 1) I am not about to remove password of a cert key, since it's usually
> bad security practise (considering the server get compromised, the cert
> have to be revoked, etc.).
> On top of that, as explained, I never had problems on Apache2 using a
> password protected key Cert file. When I run Apache service, password
> well asked. I can not consider the solution of removing the password,
> other solutions work properly.
> I also checked ssl_password_file proposal. Storing the password in that
> would set the security system as if no password was set on the key cert
> file. Therefore, I can't -as well- follow that solution.
> 2) What I fail to understand, if it is a bug, or a feature is the
> : Nginx, when run as command line asks me for my cert key password and
> correctly. Why this behaviour can't be applied on a service ?
> The command:
> # nginx
> Asks for a password, runs webserver Nginx correctly. However :
> # service nginx start
> doesn't, password is not asked on terminal, producing the journalctl
> mentionned. Why this difference of response ? Why an Apache2-like (that
> works in both situation) mechanism can't be introduced with Nginx ?
Do you know this directive?
More information about the nginx