Nginx prompts for PEM pass when starting UI (pfSense 2.3-RC)
LinuxTracker last edited by
When a password protected key is used to import a SSL certificate, nginx prompts for a PEM password, every time the UI starts.
I'm wondering if this will lock out an admin, after a remote restart.
Here's what I saw.
When I use StartSSL's recommended CSR command
openssl req -newkey rsa:2048 -keyout yourname.key -out yourname.csr
it mandates assigning a PEM password.
When that password protected key is used in an nginx SSL cert
nginx prompts for the PEM pass whenever the webserver is started/restarted.
When I restarted pfSense, it paused for the PEM pass, seemingly before loading NAT & rules.
I was at another computer on the LAN and pfSense didn't respond to ping/SSH/WebUI.
I had to enter the password at the local console.
My impression is that if I had restarted this pfSense box remotely, it would have been unreachable until the PEM pass was entered at the local console.
I did not test to see if this is actually the case. Sorry.
I opted to strip the password from the key using
openssl rsa -in yourname.key -out yournamenopass.key
and reimport the nginx UI certfificate