Hi,
If we configured SSL in Nginx and the Private Key files are encrypted, then the following dialog occurs at Nginx startup time:
Enter PEM pass phrase:
It maybe difficulty for management. Sometimes it's needed to avoid the interactive dialogue at startup time.
So I develop the patch for Nginx ssl module. Wish it helpful!
Directive: ssl_pass_phrase_dialog
--------------------------------------------------------------------
Description: Type of pass phrase dialog for encrypted private keys
Syntax: ssl_pass_phrase_dialog type
Default: ssl_pass_phrase_dialog builtin
Context: http, server
Usage:
--------------------------------------------------------------------
When Nginx starts up it has to read the various Certificate (see ssl_certificate) and Private Key (see ssl_certificate_key) files of the SSL-enabled virtual servers. Because for security reasons the Private Key files are usually encrypted, ngx_ssl module needs to query the administrator for a Pass Phrase in order to decrypt those files. This query can be done in two ways which can be configured by type:
* builtin
This is the default where an interactive terminal dialog occurs at startup time. Here the administrator has to manually enter the Pass Phrase for each encrypted Private Key file.
* exec:/path/to/program
Here an external program is configured which is called at startup for each encrypted Private Key file.
Example:
--------------------------------------------------------------------
(1) ssl_pass_phrase_dialog builtin;
The "Enter PEM pass phrase:" will occurs at the Nginx startup time.
(2) ssl_pass_phrase_dialog "exec:/home/ssl_files/ssl_pass_phrase.sh";
The code of ssl_pass_phrase.sh:
#!/bin/sh
echo "password"
The relevant configuration in Apache is:
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslpassphrasedialog
If more information is needed, please refer to the Nginx HttpSslModule:
http://wiki.nginx.org/HttpSslModule
Patch:
--------------------------------------------------------------------
This patch has been tested in nginx-0.8.54.
The download url is :
http://www.cx.com/dl/?sn=f3c7b79133b7
Author:
--------------------------------------------------------------------
beagem#163.com (Here # is @ in fact)