Can I skip the PEM pass phrase question when I restart the webserver?

@Marchetta884

Posted in: #Apache #Https #Nginx #Security

After buying a multi-domain SSL certificate I have started testing it with the Nginx webserver (following documentation in their SSL wiki page).

Everything is fine, it works and I get a green padlock symbol in the URL bar but... every time I restart Nginx I get asked the following question (once for each server, e.g. 5 times):


Starting nginx: Enter PEM pass phrase:


Is this normal, and what many other people do? Or can I configure it so the password is remembered?

In particular, this is an issue when the machine is rebooted, because the webserver won't start until the PEM pass phrase is entered (meaning the website has downtime until there is some human interaction).

2 Comments


@Marchetta884

As suggested, I asked the question on ServerFault: serverfault.com/questions/161768/restart-webserver-without-entering-a-password
But the short answer is:

Backup your key:

> cp server.key server.key.org


Strip out the password:

> openssl rsa -in server.key.org -out server.key

[enter the passphrase]


The newly created server.key file has no more passphrase in it and the webservers start without needing a password.

Another option is to use Apache's SSLPassPhraseDialog option to automatically answer the SSL pass phrase question.

Disclaimer: If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked.

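As an added example (not from this thread or the linked ServerFault answer), a small Python audit for the result of the procedure above: it flags a key file that still carries the PEM pass-phrase markers (so nginx or Apache would prompt for it at start-up) and, for a stripped key, enforces the owner-only 0600 mode the disclaimer calls for. The PEM contents are constructed placeholders, and `write_sample` stands in for the real key files on disk; checking that the owner is actually root is left out.

```python
"""Audit TLS private-key files after the pass phrase has been stripped.

Added example, not from the original thread. The sample PEM text below is
constructed; the body lines are placeholders, not real key material.
"""
import os
import re
import stat
import tempfile

# PKCS#8 encrypted keys use this BEGIN label; traditional OpenSSL keys
# (the 'BEGIN RSA PRIVATE KEY' form) carry a Proc-Type header instead.
ENCRYPTED_LABEL = re.compile(r"^-----BEGIN ENCRYPTED PRIVATE KEY-----", re.M)
PROC_TYPE_ENCRYPTED = re.compile(r"^Proc-Type:\s*4,\s*ENCRYPTED", re.M)

# Constructed stand-ins for server.key.org (still encrypted) and
# server.key (pass phrase stripped with `openssl rsa`).
ENCRYPTED_SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-256-CBC,PLACEHOLDERIV\n\nPLACEHOLDER-KEY-BODY\n"
                    "-----END RSA PRIVATE KEY-----\n")
PLAIN_SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER-KEY-BODY\n"
                "-----END RSA PRIVATE KEY-----\n")

def pem_is_encrypted(pem_text: str) -> bool:
    """True if either encryption marker is present in the PEM text."""
    return bool(ENCRYPTED_LABEL.search(pem_text) or PROC_TYPE_ENCRYPTED.search(pem_text))

def audit_key_file(path: str) -> dict:
    """Report whether the key is encrypted, its mode, and any problems found."""
    with open(path, encoding="ascii") as fh:
        text = fh.read()
    mode = stat.S_IMODE(os.stat(path).st_mode)
    report = {"path": path, "encrypted": pem_is_encrypted(text), "mode": mode, "problems": []}
    if report["encrypted"]:
        report["problems"].append("pass phrase still set: server will prompt at start-up")
    elif mode & (stat.S_IRWXG | stat.S_IRWXO):
        # An unencrypted key must not be readable by anyone but its owner.
        report["problems"].append("unencrypted key readable by group/other (mode %o)" % mode)
    return report

def fix_permissions(path: str) -> int:
    """Restrict the key to owner read/write (0600) and return the resulting mode."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(os.stat(path).st_mode)

def write_sample(text: str, mode: int) -> str:
    """Write constructed PEM text to a temp file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".key")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path
```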



@BetL925

Yes, this is a common thing to do. If the pass phrase were stored on disk, an attacker could take over the certificate.

Of course you could remove the pass phrase from the certificate, but I would not recommend that! Also, other technical solutions exist with external peripherals.
