What does "SSL_CTX_use_PrivateKey_file" "problems getting password error" indicate in Nginx error log?


Solution 1

I got it... the private key file used with nginx must not have a passphrase. I removed the passphrase and it worked.

Solution 2

Remove the key pass phrase:

openssl rsa -in key.pem -out newkey.pem

If the certificate and the key are together:

openssl rsa -in mycert.pem -out newcert.pem
openssl x509 -in mycert.pem >>newcert.pem

Source: http://www.madboa.com/geek/openssl/#key-removepass

Solution 3

Because you generate the .crt file with a passphrase, you need to specify the same passphrase for your .key and .crt file in the Nginx conf, like this:

server {
    ssl_password_file /path-to-your-passphrase/ssl.pass;
}

See Nginx Doc

Or, if you don't need the passphrase for your cert file, just use the ssh-keygen tool to generate the file as follows:

ssh-keygen -t rsa

Solution 4

The question is a bit old now, and nginx actually supports passphrase asking at startup since at least version 1.2. But the issue is still relevant because this capability has been removed from Debian in the latest release, version 8 with nginx 1.6. The reason is that passphrase input hasn't been implemented in the systemd script for nginx, while it has been for Apache. Launching nginx manually simply works, and it's not too much of a problem since manual intervention is required anyway; there's no use for systemd here.

Reference: https://forum.nginx.org/read.php?2,262900,262931#msg-262931
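
Added example (not part of any answer above and not nginx's own tooling): a shell pre-flight check that reports whether a key file is passphrase-protected, which is the condition behind the error in the question, and whether a key stored without a passphrase is readable by group or other users. The function names and the sample file are constructed for illustration; the sample holds PEM header lines only, no real key material.

```shell
#!/bin/sh
# Added example: pre-flight check for an nginx private key file.

# Print "encrypted", "plaintext" or "unknown" for a PEM private key file.
pem_key_state() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted          # PKCS#8 encrypted key
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted          # traditional PEM key (e.g. BEGIN RSA PRIVATE KEY)
    elif grep -q -e '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# Succeed only if group and other have no permission bits on the file.
key_perms_tight() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0 = nginx can load it and it is protected on disk,
#        1 = encrypted (needs ssl_password_file or passphrase removal),
#        2 = plaintext but accessible to group/other, 3 = not a private key.
nginx_key_check() {
    case "$(pem_key_state "$1")" in
        encrypted) echo "$1: passphrase-protected"; return 1 ;;
        plaintext)
            key_perms_tight "$1" && return 0
            echo "$1: unencrypted key with loose permissions"; return 2 ;;
        *) echo "$1: no private key found"; return 3 ;;
    esac
}

# Constructed sample: header lines only, no real key material.
sample_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,00' '' 'AAAA' '-----END RSA PRIVATE KEY-----' \
    > "$sample_dir/with-pass.key"
nginx_key_check "$sample_dir/with-pass.key" || echo "exit status $?"
rm -rf "$sample_dir"
```

A key written out with the passphrase removed sits on disk in the clear, so the permission check matters most right after the openssl rsa step shown in Solution 2.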

Author by

Alex D

Ruby/C/Lisp/Java/SQL developer with an insatiable thirst for more knowledge.

Updated on July 09, 2022

Comments

  • Alex D
    Alex D almost 2 years

    I'm trying to set up SSL on Nginx. It doesn't work, and I am getting the following error in the error log, which is getting passed up from the OpenSSL library which nginx was compiled with. I don't know what that library is, but it's version 0.8.54 of nginx, and I installed it using apt-get on Ubuntu Linux.

    2012/02/21 07:06:33 [emerg] 4071#0: 
    SSL_CTX_use_PrivateKey_file("/exequias/certs/exequias.com.key") failed (SSL: 
    error:0906406D:PEM routines:PEM_def_callback:problems getting password error:
    0906A068:PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines:
    SSL_CTX_use_PrivateKey_file:PEM lib)
    

    I have ensured that the file permissions on the private key file are not stopping nginx from reading it. It is an RSA private key, generated with openssl rsa.

    Any ideas what might be causing this?

  • Alex D
    Alex D almost 11 years
    I don't remember -- I may just have generated a new private key with openssl, and left off the passphrase.
  • Crossle Song
    Crossle Song almost 11 years
    Thanks, I remember the passphrase.
  • Martin Thoma
    Martin Thoma about 9 years
    @CrossleSong ssh-keygen -t rsa and don't enter a passphrase to generate a key without passphrase.
  • divs1210
    divs1210 about 9 years
    Thanks a lot! I was in R'lyeh. You saved my sanity.
  • Ravindranath Akila
    Ravindranath Akila about 9 years
    You're welcome :-) I hear you. It's two years since I wrote this answer and now I don't remember a thing about this :D #insanityrealized
  • sudoz
    sudoz almost 8 years
    @JosephCoco Yep, you are right. I need to edit my answer.
  • Will
    Will over 6 years
    Perfect :thumbsup: