Avoid PEM pass phrase

我在制作 SSL key file 时输入了一个 pass phrase。CA 把 SSL 证书发给我后，我在 Nignx 试着加载 key 和证书，发现每次重启 Nginx 时，都会被要求 Enter PEM pass phrase。岂不很烦，而且万一服务器重启，岂不还要人工干预才能重启 web server？

原本以为把 pass phrase 从 key 文件里拿掉后，要找 CA 重新制作证书，后来发现不用，证书跟 pass phrase 无关。Nginx 的文档没有提及，Apache 倒是有提：

If necessary, you can also create a decrypted PEM version (not recommended) of this RSA private key with:
openssl rsa -in server.key -out server.key.unsecure

拿到 pass phrase 后安全性自然降低了，不过完全值得。

July 7, 2010 1and1 cloud server datasheet
May 16, 2009 Create a password file for Nginx basic authentication
May 13, 2009 Perfect settings for Magento on Nginx
May 10, 2009 Different syntax in Nginx and Apache
March 16, 2009 From Apache to Nginx

S	M	T	W	T	F	S
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

Avoid PEM pass phrase

Related Posts

Leave a comment