Nginx failing to ask for PEM SSL key password

lakarjail nginx-forum at nginx.us
Wed Nov 18 14:31:36 UTC 2015


Thank you for your answer. I agree with you on all points concerning if it
would or not improve the security. 

Francis Daly Wrote:
-------------------------------------------------------
> On Wed, Nov 18, 2015 at 04:34:20AM -0500, lakarjail wrote:
> I don't see how your system security is enhanced, if you do anything
> other than manually type in the password each time it is needed.

That is exactly what I am looking for, I am not looking for another
solution. I wish I could launch Nginx as a service and "manually" type in
the password.

However the password requirement phase is not displayed using nginx debian
service, though it is displayed with Apache service and its ssl_mod thanks
to the method I was previously mentioning.

a) I was just wondering (trying to understand understand) if there was any
reason regarding why it does't work, and, in case was not implemented/made
it available on purpose, why this option was chosen not to be implemented. 


b) I.e., in what way using the same kind of Apache SSLPassPhraseDialog (that
force you to enter passphrase by hand, not storing any password on the local
machine) would set the global certificate security level at same level than
storing it in a file on the local machine (whatever permissions are set on
this file).

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,262900,262923#msg-262923



More information about the nginx mailing list