Nginx failing to ask for PEM SSL key password

B.R. reallfqq-nginx at yahoo.fr
Thu Nov 19 10:56:37 UTC 2015


Aleks: Have you even read the 1st message from lakarjail?

(s)he said he had a look at it. It seems (s)he only wants interactive
solutions with the password being written nowhere.
Although the reasoning appears strange to me (someone needs to be there
in case of unexpected reload/restart, otherwise, as long as it is stored
and extracted automatically, whatever storage solution is chosen, it
ends up all the same to me), (s)he seems to know what (s)he wants.
---
*B. R.*

On Wed, Nov 18, 2015 at 11:02 PM, Aleksandar Lazic <al-nginx at none.at> wrote:

> Hi.
>
> Am 17-11-2015 21:13, schrieb lakarjail:
>
> [snipp]
>
>
>> Please note that:
>>
>>    - nginx server starts correctly in command line (#nginx ), not using
>> service. SSL configuration (like file locations and permissions seems
>> therefore correct). Password is -that way- asked on terminal.
>>    - when doing the same SSL configuration with Apache2, the password is
>> well required when starting/restarting Apache2 server with "service
>> apache2 start".
>>
>> == Problem and Question ==
>>
>>
>> 1) I am not about to remove password of a cert key, since it's usually a
>> bad security practice (considering the server gets compromised, the cert
>> will have to be revoked, etc.).
>> On top of that, as explained, I never had problems on Apache2 using a
>> password protected key Cert file. When I run Apache service, password is
>> well asked. I can not consider the solution of removing the password, when
>> other solutions work properly.
>> I also checked ssl_password_file proposal. Storing the password in that
>> way would set the security system as if no password was set on the key
>> cert file. Therefore, I can't -as well- follow that solution.
>>
>> 2) What I fail to understand, if it is a bug, or a feature is the
>> following: Nginx, when run as command line asks me for my cert key
>> password and runs correctly. Why this behaviour can't be applied on a
>> service?
>> The command:
>> ---
>> # nginx
>> ---
>> Asks for a password, runs webserver Nginx correctly. However :
>> ---
>> # service nginx start
>> ---
>> doesn't, password is not asked on terminal, producing the journalctl above
>> mentioned. Why this difference of response? Why an Apache2-like (that
>> works in both situation) mechanism can't be introduced with Nginx?
>>
>
> Do you know this directive?
>
> http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_password_file
>
> Br Aleks