The patch of Nginx SSL: PEM pass phrase problem

September 02, 2011 02:03AM
Hi,

If we configured SSL in Nginx and the Private Key files are encrypted, then the following dialog occurs at Nginx startup time:
Enter PEM pass phrase:

It may be difficult for management. Sometimes it is necessary to avoid the interactive dialogue at startup time.
So I developed a patch for the Nginx ssl module. I hope it is helpful!



Directive: ssl_pass_phrase_dialog
--------------------------------------------------------------------
Description: Type of pass phrase dialog for encrypted private keys
Syntax: ssl_pass_phrase_dialog type
Default: ssl_pass_phrase_dialog builtin
Context: http, server

Usage:
--------------------------------------------------------------------
When Nginx starts up it has to read the various Certificate (see ssl_certificate) and Private Key (see ssl_certificate_key) files of the SSL-enabled virtual servers. Because for security reasons the Private Key files are usually encrypted, ngx_ssl module needs to query the administrator for a Pass Phrase in order to decrypt those files. This query can be done in two ways which can be configured by type:

* builtin

This is the default where an interactive terminal dialog occurs at startup time. Here the administrator has to manually enter the Pass Phrase for each encrypted Private Key file.

* exec:/path/to/program

Here an external program is configured which is called at startup for each encrypted Private Key file.

Example:
--------------------------------------------------------------------
(1) ssl_pass_phrase_dialog builtin;
The "Enter PEM pass phrase:" prompt will occur at Nginx startup time.

(2) ssl_pass_phrase_dialog "exec:/home/ssl_files/ssl_pass_phrase.sh";
The code of ssl_pass_phrase.sh:
#!/bin/sh
echo "password"

The relevant configuration in Apache is:
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslpassphrasedialog

If more information is needed, please refer to the Nginx HttpSslModule:
http://wiki.nginx.org/HttpSslModule


Patch:
--------------------------------------------------------------------
This patch has been tested in nginx-0.8.54.

The download URL is:
http://www.cx.com/dl/?sn=f3c7b79133b7


Author:
--------------------------------------------------------------------
beagem#163.com (Here # is @ in fact)
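
A script that echoes a hardcoded pass phrase, like the `ssl_pass_phrase.sh` in the post, keeps the key encryption meaningful only if other accounts cannot read the secret. The following is an added example, not part of the original post or the patch: a helper that prints the pass phrase from a separate file and refuses to do so when that file is a symlink, is not owned by the caller, or is accessible to group or other. It assumes the patch takes the pass phrase from the program's standard output, as the post's `echo` script implies; `/home/ssl_files/key.pass` is a hypothetical path.

```sh
#!/bin/sh
# Added example: pass-phrase helper for "ssl_pass_phrase_dialog exec:...".
# Assumption: the patch reads the pass phrase from this program's stdout.
# PASS_FILE is a hypothetical location; keep the secret out of the script.
PASS_FILE="/home/ssl_files/key.pass"

# Succeeds only for a regular file (not a symlink) that is owned by the
# calling user and has no group/other permission bits (mode 0400 or 0600).
perms_ok() {
    pf="$1"
    [ -f "$pf" ] || return 1
    [ ! -L "$pf" ] || return 1
    # ls -ldn fields: $1 = mode string, $3 = numeric owner uid.
    ls -ldn "$pf" | awk -v uid="$(id -u)" \
        '{ ok = (substr($1, 5, 6) == "------" && $3 == uid) } END { exit !ok }'
}

# Prints the first line of the file (the pass phrase) on stdout, or fails
# with a message on stderr so that nothing is written to stdout.
emit_pass_phrase() {
    if ! perms_ok "$1"; then
        echo "pass phrase file $1 rejected: wrong type, owner or mode" >&2
        return 1
    fi
    head -n 1 "$1" | tr -d '\r'
}

# Act as the helper only when installed under the name used in the post.
case "$0" in
    *ssl_pass_phrase.sh) emit_pass_phrase "$PASS_FILE" || exit 1 ;;
esac
```

The pass phrase still sits in plaintext on the same host, so this protects copies of the key file (backups, accidental disclosure of the key alone), not a host where an attacker already has root.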

Subject                                              Author        Posted
The patch of Nginx SSL: PEM pass phrase problem      James_Lee     September 02, 2011 02:03AM
Re: The patch of Nginx SSL: PEM pass phrase problem  chirho        July 29, 2012 09:53PM
Re: The patch of Nginx SSL: PEM pass phrase problem  James_Lee     July 31, 2012 10:30AM
Re: The patch of Nginx SSL: PEM pass phrase problem  chirho        July 31, 2012 07:12PM
Re: The patch of Nginx SSL: PEM pass phrase problem  姚伟斌        August 01, 2012 12:28AM
Re: The patch of Nginx SSL: PEM pass phrase problem  pbrunnen      May 15, 2014 03:59PM
Re: The patch of Nginx SSL: PEM pass phrase problem  Maxim Dounin  May 15, 2014 06:02PM
