ssl_password_file on nginx 1.8.0
Valentin V. Bartenev
vbart at nginx.com
Mon Aug 10 11:00:09 UTC 2015
On Saturday 08 August 2015 17:05:26 B.R. wrote:
> Hello,
>
> I cannot manage to load a certificate protected wit ha password on nginx
> 1.8.0:
> [emerg] 2331#0: SSL_CTX_use_PrivateKey_file("/etc/ssl/private/domain.key")
> failed (SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting
> password error:0906A068:PEM routines:PEM_do_header:bad password read
> error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
>
> The file configured with ssl_password_file is plaintext, restricted to read
> rights for root user only (even tried root user + root group).
> Shall it be otherwise? Have I missed something?
>
> I intended to avoid deciphering my private keys using this new capability
> of nginx.
>
> I also noted that, dunno if it might be related to my trouble:
> http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006104.html
>
> $ sudo nginx -v
> nginx version: nginx/1.8.0
> $ openssl version
> OpenSSL 1.0.1k 8 Jan 2015
Check your password file with hex editor.
wbr, Valentin V. Bartenev
More information about the nginx
mailing list