Loading...
Loading...
After a new SSL certificate is installed, the NGINX service fails to start and produces error messages similar to those shown below: Feb 08 06:45:07 hostname systemd[1]: Starting LSB: nginx... Feb 08 06:45:07 hostname nginx[6873]: Starting nginx Enter PEM pass phrase: Feb 08 06:45:07 hostname nginx[6873]: nginx: [emerg] cannot load certificate key "/usr/local/search/etc/cert/server.key": PEM_read_bio_PrivateKey() failed (SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read) Feb 08 06:45:07 hostname startproc[6879]: startproc: exit status of parent of /usr/local/nginx/sbin/nginx: 1 Feb 08 06:45:07 hostname nginx[6873]: ..failed Feb 08 06:45:07 hostname systemd[1]: nginx.service: Control process exited, code=exited status=7 Feb 08 06:45:07 hostname systemd[1]: Failed to start LSB: nginx. Feb 08 06:45:07 hostname systemd[1]: nginx.service: Unit entered failed state. Feb 08 06:45:07 hostname systemd[1]: nginx.service: Failed with result 'exit-code'.
The private key has a passphrase requirement but NGINX is not configured to use passphrases.
The following steps create a private key file without the passphrase requirement: Rename the existing server.key filename to server_pass.key. mv server.key server_pass.key Create a new key without a passphrase requirement. It is assumed that the RSA key is in use, otherwise adjust the command accordingly. When prompted, type the passphrase and press enter. openssl rsa -in server_pass.key -out server.key Stop and start the NGINX service and check that no error messages display: service nginx stop service nginx start service nginx status Go to the search home page. Check that the correct SSL certificate information displays.
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.