Nginx failing to ask for PEM SSL key password
Aleksandar Lazic
al-nginx at none.at
Wed Nov 18 22:02:38 UTC 2015
Hi.
Am 17-11-2015 21:13, schrieb lakarjail:
[snipp]
> Please note that :
>
> - nginx server starts correctly in command line (#nginx ), not using
> service. SSL configuration (like file locations and permissions seems
> therefore correct). Password is -that way- asked on terminal.
> - when doing the same SSL configuration with Apache2, the password
> is
> well required when starting/restarting Apache2 server with "service
> apache2
> start".
>
> == Problem and Question ==
>
>
> 1) I am not about to remove password of a cert key, since it's usually
> a
> bad security practise (considering the server get compromised, the cert
> will
> have to be revoked, etc.).
> On top of that, as explained, I never had problems on Apache2 using a
> password protected key Cert file. When I run Apache service, password
> is
> well asked. I can not consider the solution of removing the password,
> when
> other solutions work properly.
> I also checked ssl_password_file proposal. Storing the password in that
> way
> would set the security system as if no password was set on the key cert
> file. Therefore, I can't -as well- follow that solution.
>
> 2) What I fail to understand, if it is a bug, or a feature is the
> following
> : Nginx, when run as command line asks me for my cert key password and
> runs
> correctly. Why this behaviour can't be applied on a service ?
> The command:
> ---
> # nginx
> ---
> Asks for a password, runs webserver Nginx correctly. However :
> ---
> # service nginx start
> ---
> doesn't, password is not asked on terminal, producing the journalctl
> above
> mentionned. Why this difference of response ? Why an Apache2-like (that
> works in both situation) mechanism can't be introduced with Nginx ?
Do you know this directive?
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_password_file
Br Aleks
More information about the nginx
mailing list