4. Nginx prompts for PEM pass when starting UI (pfSense 2.3-RC)

Nginx prompts for PEM pass when starting UI (pfSense 2.3-RC)

  • L

    When a password protected key is used to import a SSL certificate, nginx prompts for a PEM password, every time the UI starts.
    I'm wondering if this will lock out an admin, after a remote restart.

    Here's what I saw.

    When I use StartSSL's recommended CSR command

    openssl req -newkey rsa:2048 -keyout yourname.key -out yourname.csr

    it mandates assigning a PEM password.

    When that password protected key is used in an nginx SSL cert
    nginx prompts for the PEM pass whenever the webserver is started/restarted.

    When I restarted pfSense, it paused for the PEM pass, seemingly before loading NAT & rules.
    I was at another computer on the LAN and pfSense didn't respond to ping/SSH/WebUI.

    I had to enter the password at the local console.

    My impression is that if I had restarted this pfSense box remotely, it would have been unreachable until the PEM pass was entered at the local console.
    I did not test to see if this is actually the case.  Sorry.

    I opted to strip the password from the key using

    openssl rsa -in yourname.key -out yournamenopass.key

    and reimport the nginx UI certfificate

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy