Securing the HTTPS private key

Roger Fischer roger at netskrt.io
Wed Nov 14 20:17:57 UTC 2018


Hello,

does NGINX support any mechanisms to securely access the private key of server certificates?

Specifically, could NGINX make a request to a key store, rather than reading from a local file?

Are there any best practices for keeping private keys secure?

I understand the basics. The key file should only be readable by root. I cannot protect the key with a pass-phrase, as NGINX needs to start and restart autonomously.

Thanks…

Roger



More information about the nginx mailing list