Thank you for your answer. I agree with you on all points concerning if it would or not improve the security.

Francis Daly Wrote:
-------------------------------------------------------
> On Wed, Nov 18, 2015 at 04:34:20AM -0500, lakarjail wrote:
> I don't see how your system security is enhanced, if you do anything
> other than manually type in the password each time it is needed.

That is exactly what I am looking for, I am not looking for another solution. I wish I could launch Nginx as a service and "manually" type in the password.

However the password requirement phase is not displayed using nginx debian service, though it is displayed with Apache service and its ssl_mod thanks to the method I was previously mentioning.

a) I was just wondering (trying to understand understand) if there was any reason regarding why it does't work, and, in case was not implemented/made it available on purpose, why this option was chosen not to be implemented.


b) I.e., in what way using the same kind of Apache SSLPassPhraseDialog (that force you to enter passphrase by hand, not storing any password on the local machine) would set the global certificate security level at same level than storing it in a file on the local machine (whatever permissions are set on this file).