What does "SSL_CTX_use_PrivateKey_file" "problems getting password error" indicate in Nginx error log?
Solution 1
I got it... the private key file used with nginx must not have a passphrase. I removed the passphrase and it worked.
Solution 2
Remove the key pass phrase:
openssl rsa -in key.pem -out newkey.pem
If the certificate and the key are together:
openssl rsa -in mycert.pem -out newcert.pem
openssl x509 -in mycert.pem >>newcert.pem
Source: http://www.madboa.com/geek/openssl/#key-removepass
Solution 3
Because you generate the .crt file with a passphrase, you need to specify the same passphrase for your .key and .crt file in the Nginx conf, like this:
server {
ssl_password_file /path-to-your-passphrase/ssl.pass;
}
See Nginx Doc
Or if you don't need the passphrase for your cert file, just use the ssh-keygen tool to generate the file as follows:
ssh-keygen -t rsa
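A pre-flight check for the situation these answers describe, added here as an example and not taken from any of the answers: it reads each ssl_certificate_key named in an nginx config, classifies the key by its PEM header, and reports whether nginx would need a passphrase it has no way to obtain. The function names, the demo paths and the placeholder key body are assumptions made for the example.

```shell
# Classify a PEM private key from its header lines only; nothing is decrypted.
pem_key_state() {
    if [ ! -r "$1" ]; then echo unreadable
    elif grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then echo encrypted  # PKCS#8
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted  # traditional PEM
    elif grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then echo plain
    else echo not-a-key
    fi
}

# Print one verdict per key; return 1 if nginx could not load one of them.
# Simplifications: ssl_password_file is looked for anywhere in the file (nginx
# scopes it per context), and key paths must not contain spaces or quotes.
check_nginx_keys() {
    conf=$1 rc=0 pwfile=no
    if grep -Eq '^[[:space:]]*ssl_password_file[[:space:]]' "$conf"; then pwfile=yes; fi
    for key in $(awk '$1 == "ssl_certificate_key" { sub(/;$/, "", $2); print $2 }' "$conf"); do
        state=$(pem_key_state "$key")
        case "$state:$pwfile" in
            plain:*)
                # Without a passphrase, file permissions are the key's only protection.
                if [ -n "$(find "$key" -prune -perm -004)" ]; then
                    echo "WARN $key: unencrypted and world-readable"
                else
                    echo "OK   $key: unencrypted"
                fi ;;
            encrypted:yes)
                echo "OK   $key: encrypted, passphrase expected from ssl_password_file" ;;
            encrypted:no)
                echo "FAIL $key: encrypted, no ssl_password_file (problems getting password)"
                rc=1 ;;
            *)  echo "FAIL $key: $state"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo on constructed files: the key body is a placeholder, only headers are read.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$d/site.key"
    printf 'server {\n    ssl_certificate_key %s/site.key;\n}\n' "$d" > "$d/nginx.conf"
    check_nginx_keys "$d/nginx.conf"; status=$?
    rm -rf "$d"
    return $status
}
demo || echo "nginx would refuse to start with the demo config"
```

The WARN branch covers the trade-off in removing the passphrase: once the key is stored unencrypted, file ownership and mode are all that protect it.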
Solution 4
The question is a bit old now, and nginx actually supports passphrase asking at startup since at least version 1.2. But the issue is still relevant because this capability has been removed from Debian in the latest release, version 8 with nginx 1.6. The reason is that passphrase input hasn't been implemented in the systemd script for nginx, while it has been for Apache. Launching nginx manually simply works, and it's not too much of a problem since manual intervention is required anyway; there's no use of systemd here.
Reference: https://forum.nginx.org/read.php?2,262900,262931#msg-262931
Alex D
Updated on July 09, 2022
Comments
-
Alex D almost 2 years
I'm trying to set up SSL on Nginx. It doesn't work, and I am getting the following error in the error log, which is getting passed up from the OpenSSL library which nginx was compiled with. I don't know what that library is, but it's version 0.8.54 of nginx, and I installed it using apt-get on Ubuntu Linux.
2012/02/21 07:06:33 [emerg] 4071#0: SSL_CTX_use_PrivateKey_file("/exequias/certs/exequias.com.key") failed (SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error: 0906A068:PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines: SSL_CTX_use_PrivateKey_file:PEM lib)
I have ensured that the file permissions on the private key file are not stopping nginx from reading it. It is an RSA private key, generated with openssl rsa. Any ideas what might be causing this?
-
Alex D almost 11 years
I don't remember -- I may just have generated a new private key with openssl, and left off the passphrase.
-
Crossle Song almost 11 years
Thanks, I remember the passphrase.
-
Martin Thoma about 9 years
@CrossleSong ssh-keygen -t rsa and don't enter a passphrase to generate a key without passphrase.
-
divs1210 about 9 years
Thanks a lot! I was in R'lyeh. You saved my sanity.
-
Ravindranath Akila about 9 years
You're welcome :-) I hear you. It's two years since I wrote this answer and now I don't remember a thing about this :D #insanityrealized
-
sudoz almost 8 years
@JosephCoco Yep, you are right. I need to edit my answer.
-
Will over 6 years
Perfect :thumbsup: