Nginx prompts for PEM pass when starting UI (pfSense 2.3-RC)



  • When a password protected key is used to import a SSL certificate, nginx prompts for a PEM password, every time the UI starts.
    I'm wondering if this will lock out an admin, after a remote restart.

    Here's what I saw.

    When I use StartSSL's recommended CSR command

    openssl req -newkey rsa:2048 -keyout yourname.key -out yourname.csr
    

    it mandates assigning a PEM password.

    When that password protected key is used in an nginx SSL cert
    nginx prompts for the PEM pass whenever the webserver is started/restarted.

    When I restarted pfSense, it paused for the PEM pass, seemingly before loading NAT & rules.
    I was at another computer on the LAN and pfSense didn't respond to ping/SSH/WebUI.

    I had to enter the password at the local console.

    My impression is that if I had restarted this pfSense box remotely, it would have been unreachable until the PEM pass was entered at the local console.
    I did not test to see if this is actually the case.  Sorry.

    I opted to strip the password from the key using

    openssl rsa -in yourname.key -out yournamenopass.key
    

    and reimport the nginx UI certfificate