ssl_password_file on nginx 1.8.0

B.R. reallfqq-nginx at yahoo.fr
Mon Aug 10 22:21:31 UTC 2015


At first I thought the 0x0a character could be a problem, though highly
improbable... then I realized that one of the server blocks using that
certificate had no ssl_password_file configured.

Shameful mistake created a dummy error.
Sorry for bothering! Thanks for help.
---
*B. R.*

On Mon, Aug 10, 2015 at 1:00 PM, Valentin V. Bartenev <vbart at nginx.com>
wrote:

> On Saturday 08 August 2015 17:05:26 B.R. wrote:
> > Hello,
> >
> > I cannot manage to load a certificate protected wit ha password on nginx
> > 1.8.0:
> > [emerg] 2331#0:
> SSL_CTX_use_PrivateKey_file("/etc/ssl/private/domain.key")
> > failed (SSL: error:0906406D:PEM routines:PEM_def_callback:problems
> getting
> > password error:0906A068:PEM routines:PEM_do_header:bad password read
> > error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
> >
> > The file configured with ssl_password_file is plaintext, restricted to
> read
> > rights for root user only (even tried root user + root group).
> > Shall it be otherwise? Have I missed something?
> >
> > ​I intended to avoid deciphering my private keys using this new
> capability
> > of nginx.
> >
> > I also noted that, dunno if it might be related to my trouble: ​
> > http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006104.html
> >
> > $ sudo nginx -v
> > nginx version: nginx/1.8.0
> > $ openssl version
> > OpenSSL 1.0.1k 8 Jan 2015
>
> Check your password file with hex editor.
>
>   wbr, Valentin V. Bartenev
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20150811/df5414bb/attachment.html>


More information about the nginx mailing list