Welcome! Log In Create A New Profile

Advanced

Nginx failing to ask for PEM SSL key password

November 17, 2015 03:13PM
== CONTEXT ==
nginx version: nginx/1.6.2
Linux - 2.6.32-042stab111.11 #1 SMP Tue Sep 1 18:19:12 MSK 2015 x86_64 GNU/Linux


While starting/restarting nginx with "service nginx start", no password is asked on the terminal and nginx fails to start.

By checking journalctl, I receive the following error :
---
nov. 17 ... systemd[1]: Failed to reset devices.list on /system.slice/nginx.service: No
nov. 17 ... nginx[1441]: Enter PEM pass phrase:
nov. 17 ... nginx[1441]: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/mykeycert") failed (SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0906A
nov. 17 ... nginx[1441]: nginx: configuration file /etc/nginx/nginx.conf test failed
nov. 17 ... systemd[1]: nginx.service: control process exited, code=exited status=1
nov. 17 ... systemd[1]: Failed to start A high performance web server and a revers
---
Log files says that a PEM pass phrase has been asked, but that is not the case, nothing can be read from the terminal.


Please note that :

- nginx server starts correctly in command line (#nginx ), not using service. SSL configuration (like file locations and permissions seems therefore correct). Password is -that way- asked on terminal.
- when doing the same SSL configuration with Apache2, the password is well required when starting/restarting Apache2 server with "service apache2 start".



== Problem and Question ==


1) I am not about to remove password of a cert key, since it's usually a bad security practise (considering the server get compromised, the cert will have to be revoked, etc.).
On top of that, as explained, I never had problems on Apache2 using a password protected key Cert file. When I run Apache service, password is well asked. I can not consider the solution of removing the password, when other solutions work properly.
I also checked ssl_password_file proposal. Storing the password in that way would set the security system as if no password was set on the key cert file. Therefore, I can't -as well- follow that solution.

2) What I fail to understand, if it is a bug, or a feature is the following : Nginx, when run as command line asks me for my cert key password and runs correctly. Why this behaviour can't be applied on a service ?
The command:
---
# nginx
---
Asks for a password, runs webserver Nginx correctly. However :
---
# service nginx start
---
doesn't, password is not asked on terminal, producing the journalctl above mentionned. Why this difference of response ? Why an Apache2-like (that works in both situation) mechanism can't be introduced with Nginx ?

Thank you in advance for your answer.
Subject Author Posted

Nginx failing to ask for PEM SSL key password

lakarjail November 17, 2015 03:13PM

Re: Nginx failing to ask for PEM SSL key password

Richard Stanway November 17, 2015 04:26PM

Re: Nginx failing to ask for PEM SSL key password

lakarjail November 18, 2015 04:34AM

Re: Nginx failing to ask for PEM SSL key password

itpp2012 November 18, 2015 05:29AM

Re: Nginx failing to ask for PEM SSL key password

lakarjail November 18, 2015 06:22AM

Re: Nginx failing to ask for PEM SSL key password

itpp2012 November 18, 2015 07:09AM

Re: Nginx failing to ask for PEM SSL key password

Francis Daly November 18, 2015 08:20AM

Re: Nginx failing to ask for PEM SSL key password

lakarjail November 18, 2015 09:31AM

Re: Nginx failing to ask for PEM SSL key password

Francis Daly November 18, 2015 10:42AM

Re: Nginx failing to ask for PEM SSL key password

Francis Daly November 18, 2015 01:52PM

Re: Nginx failing to ask for PEM SSL key password

Aleksandar Lazic November 18, 2015 05:04PM

Re: Nginx failing to ask for PEM SSL key password

B.R. November 19, 2015 05:58AM

Re: Nginx failing to ask for PEM SSL key password

Valentin V. Bartenev November 19, 2015 08:42AM

Re: Nginx failing to ask for PEM SSL key password

nanaya November 19, 2015 09:48AM

Re: Nginx failing to ask for PEM SSL key password

Aleksandar Lazic November 19, 2015 02:16PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 79
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready