Welcome! Log In Create A New Profile

Advanced

The patch of Nginx SSL: PEM pass phrase problem

September 02, 2011 02:03AM
Hi,

If we configured SSL in Nginx and the Private Key files are encrypted, then the following dialog occurs at Nginx startup time:
Enter PEM pass phrase:

It maybe difficulty for management. Sometimes it's needed to avoid the interactive dialogue at startup time.
So I develop the patch for Nginx ssl module. Wish it helpful!



Directive: ssl_pass_phrase_dialog
--------------------------------------------------------------------
Description: Type of pass phrase dialog for encrypted private keys
Syntax: ssl_pass_phrase_dialog type
Default: ssl_pass_phrase_dialog builtin
Context: http, server

Usage:
--------------------------------------------------------------------
When Nginx starts up it has to read the various Certificate (see ssl_certificate) and Private Key (see ssl_certificate_key) files of the SSL-enabled virtual servers. Because for security reasons the Private Key files are usually encrypted, ngx_ssl module needs to query the administrator for a Pass Phrase in order to decrypt those files. This query can be done in two ways which can be configured by type:

* builtin

This is the default where an interactive terminal dialog occurs at startup time. Here the administrator has to manually enter the Pass Phrase for each encrypted Private Key file.

* exec:/path/to/program

Here an external program is configured which is called at startup for each encrypted Private Key file.

Example:
--------------------------------------------------------------------
(1) ssl_pass_phrase_dialog builtin;
The "Enter PEM pass phrase:" will occurs at the Nginx startup time.

(2) ssl_pass_phrase_dialog "exec:/home/ssl_files/ssl_pass_phrase.sh";
The code of ssl_pass_phrase.sh:
#!/bin/sh
echo "password"

The relevant configuration in Apache is:
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslpassphrasedialog

If more information is needed, please refer to the Nginx HttpSslModule:
http://wiki.nginx.org/HttpSslModule


Patch:
--------------------------------------------------------------------
This patch has been tested in nginx-0.8.54.

The download url is :
http://www.cx.com/dl/?sn=f3c7b79133b7


Author:
--------------------------------------------------------------------
beagem#163.com (Here # is @ in fact)
Subject Author Posted

The patch of Nginx SSL: PEM pass phrase problem

James_Lee September 02, 2011 02:03AM

Re: The patch of Nginx SSL: PEM pass phrase problem

chirho July 29, 2012 09:53PM

Re: The patch of Nginx SSL: PEM pass phrase problem

James_Lee July 31, 2012 10:30AM

Re: The patch of Nginx SSL: PEM pass phrase problem

chirho July 31, 2012 07:12PM

Re: The patch of Nginx SSL: PEM pass phrase problem

姚伟斌 August 01, 2012 12:28AM

Re: The patch of Nginx SSL: PEM pass phrase problem

pbrunnen May 15, 2014 03:59PM

Re: The patch of Nginx SSL: PEM pass phrase problem

Maxim Dounin May 15, 2014 06:02PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 291
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready