Nginx failing to ask for PEM SSL key password

Aleksandar Lazic al-nginx at none.at
Wed Nov 18 22:02:38 UTC 2015


Hi.

Am 17-11-2015 21:13, schrieb lakarjail:

[snipp]

> Please note that :
> 
>    - nginx server starts correctly in command line (#nginx ), not using
> service. SSL configuration (like file locations and permissions seems
> therefore correct). Password is -that way- asked on terminal.
>    - when doing the same SSL configuration with Apache2, the password 
> is
> well required when starting/restarting Apache2 server with "service 
> apache2
> start".
> 
> == Problem and Question ==
> 
> 
>  1) I am not about to remove password of a cert key, since it's usually 
> a
> bad security practise (considering the server get compromised, the cert 
> will
> have to be revoked, etc.).
> On top of that, as explained, I never had problems on Apache2 using a
> password protected key Cert file. When I run Apache service, password 
> is
> well asked. I can not consider the solution of removing the password, 
> when
> other solutions work properly.
> I also checked ssl_password_file proposal. Storing the password in that 
> way
> would set the security system as if no password was set on the key cert
> file. Therefore, I can't -as well- follow that solution.
> 
> 2) What I fail to understand, if it is a bug, or a feature is the 
> following
> : Nginx, when run as command line asks me for my cert key password and 
> runs
> correctly. Why this behaviour can't be applied on a service ?
> The command:
> ---
> # nginx
> ---
> Asks for a password, runs webserver Nginx correctly. However :
> ---
> # service nginx start
> ---
> doesn't, password is not asked on terminal, producing the journalctl 
> above
> mentionned. Why this difference of response ? Why an Apache2-like (that
> works in both situation) mechanism can't be introduced with Nginx ?

Do you know this directive?

http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_password_file

Br Aleks



More information about the nginx mailing list