SebastienB-AVISPL commented on issue #1527:
URL: https://github.com/apache/apisix/issues/1527#issuecomment-1455630124

   Hello Team, @dotSlashLu, @membphis,
   
   This feature is important for business; some companies won't accept exposing Apisix if the certificate private key is not protected by a passphrase. We are running into that problem a few weeks before going to production with Apisix.
   Is it possible to re-open this issue?
   
   I made attempts to force the "ssl_password_file" field in the nginx.conf, but it does not work.
   I suppose Apisix is trying to load the key defined in the "ssls" section before the nginx.conf is generated/used (just a guess).
   Apisix shows the message "Enter PEM pass phrase:" in the log and fails with an error (values changed):
   
   **Enter PEM pass phrase:**
   [error] 362#362: *1 [lua] **config_yaml.lua:218**: failed to check item data of [ssls] err:failed to parse key:  **PEM_read_bio_PrivateKey() failed** ,val: {"key":"-----BEGIN ENCRYPTED PRIVATE KEY-----\nMII[....]-----END ENCRYPTED PRIVATE KEY-----\n","id":"ssl1","status":1,"snis":["test.com"],
   "type":"server","cert":"-----BEGIN CERTIFICATE-----[...]-----END CERTIFICATE-----\n"}, context: init_worker_by_lua*
   
     

