At first I thought the 0x0a character could be a problem, though highly improbable... then I realized that one of the server blocks using that certificate had no ssl_password_file configured.
Shameful mistake created a dummy error. Sorry for bothering! Thanks for help. --- *B. R.* On Mon, Aug 10, 2015 at 1:00 PM, Valentin V. Bartenev <[email protected]> wrote: > On Saturday 08 August 2015 17:05:26 B.R. wrote: > > Hello, > > > > I cannot manage to load a certificate protected wit ha password on nginx > > 1.8.0: > > [emerg] 2331#0: > SSL_CTX_use_PrivateKey_file("/etc/ssl/private/domain.key") > > failed (SSL: error:0906406D:PEM routines:PEM_def_callback:problems > getting > > password error:0906A068:PEM routines:PEM_do_header:bad password read > > error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib) > > > > The file configured with ssl_password_file is plaintext, restricted to > read > > rights for root user only (even tried root user + root group). > > Shall it be otherwise? Have I missed something? > > > > I intended to avoid deciphering my private keys using this new > capability > > of nginx. > > > > I also noted that, dunno if it might be related to my trouble: > > http://mailman.nginx.org/pipermail/nginx-devel/2014-October/006104.html > > > > $ sudo nginx -v > > nginx version: nginx/1.8.0 > > $ openssl version > > OpenSSL 1.0.1k 8 Jan 2015 > > Check your password file with hex editor. > > wbr, Valentin V. Bartenev > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
