Enabling ssl crashes windows nginx 1.0.0
Ryan Malayter
malayter at gmail.com
Tue Apr 19 19:16:46 MSD 2011
On Mon, Apr 18, 2011 at 11:59 PM, Igor Sysoev <igor at sysoev.ru> wrote:
> An nginx worker of Windows version does not inherit configuraiton
> file from a master process as Unix version does. So it loads certificate
> separately and waits for the passphrase too. The only solution is to
> remove passphrase from certificate key.
Set strong permissions of course, but you can also probably protect
the key file with the encrypting file system on Windows boxes,
encrypted with the only the user account nginx uses and no recovery
key. This makes it about as safe as possible, although an attacker
that gains LocalSystem privileges can still get at the private key
with some work (really, anyone who has the rights to attach a debugger
to the nginx process could get the key from memory).
--
RPM
More information about the nginx
mailing list