Can I skip the PEM pass phrase question when I restart the webserver?
After buying a multi-domain SSL certificate I have started testing it with the Nginx webserver (following documentation in their SSL wiki page).
Everything is fine, it works and I get a green padlock symbol in the URL bar but... every time I restart Nginx I get asked the following question (once for each server, e.g. 5 times):
Starting nginx: Enter PEM pass phrase:
Is this normal and what many other people do? Or can I configure it so the password is remembered?
In particular, this is an issue when the machine is rebooted because the webserver won't start until the PEM pass phrase is entered (meaning the website has downtime until there is some human interaction).
2 Comments
As suggested, I asked the question on ServerFault: serverfault.com/questions/161768/restart-webserver-without-entering-a-password
But the short answer is:
Backup your key:
> cp server.key server.key.org
Strip out the password:
> openssl rsa -in server.key.org -out server.key
[enter the passphrase]
The newly created server.key file has no more passphrase in it and the webservers start without needing a password.
Another option is to use Apache's SSLPassPhraseDialog option to automatically answer the SSL pass phrase question.
Disclaimer: If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked.
Yes, this is a common thing to do. If the pass phrase were stored on disk, an attacker could take over the certificate.
Of course you could remove the pass phrase from the certificate, but I would not recommend that! Also, other technical solutions exist with external peripherals.
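Added example (not part of the original thread or either answer): a shell check for the condition in the first answer's disclaimer, reporting whether a PEM key still carries a passphrase and whether anyone but the owner can access the file. The function names, the constructed sample files and the path in the usage comment are assumptions; detection relies on the standard PEM header lines.

```shell
#!/bin/sh
# Added example, not from the thread: audit PEM private keys for the two risks
# discussed above (passphrase removed, file accessible to non-owners).

# Print "encrypted", "unencrypted" or "not-a-key" based on the PEM headers.
key_encryption() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    elif grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo unencrypted
    else
        echo not-a-key
    fi
}

# Succeed only if group and other have no permission bits at all.
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one verdict word for the file: OK, WARN, FAIL or SKIP.
audit_key() {
    enc=$(key_encryption "$1")
    [ "$enc" = not-a-key ] && { echo SKIP; return 0; }
    if key_mode_ok "$1"; then perms=private; else perms=exposed; fi
    case "$enc:$perms" in
        encrypted:private)   echo OK ;;    # passphrase is asked at start-up
        encrypted:exposed)   echo WARN ;;  # tighten the file mode anyway
        unencrypted:private) echo WARN ;;  # unattended start; mode is the only guard
        unencrypted:exposed) echo FAIL ;;  # any local user can copy the key
    esac
}

# Constructed sample files (header lines only, no real key material).
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,CONSTRUCTED' > "$1/server.key.org"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' > "$1/server.key"
    chmod 600 "$1/server.key.org"
    chmod 644 "$1/server.key"
}

# Usage: sh audit_keys.sh /etc/nginx/ssl/*.key   (path is an assumption)
for f in "$@"; do
    printf '%s\t%s\n' "$(audit_key "$f")" "$f"
done
```

A FAIL line means the stripped key should be restricted with `chmod 600` (and owned by root) before the webserver is restarted.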