I just got nginx running great on my windows box over port 80. As soon
as I tried to have it serve up ssl things quickly degrade.
After starting up nginx I get a prompt to enter my passphrase for my ssl
which is correct. After entering the passphrase… nginx looks to run for
5 seconds and then quits. I see this in the log:
2011/04/18 09:49:09 [alert] 1992#4548: the event “ngx_master_1992” was
not signaled for 5s
I’m not sure what can be done about this error. My conf looks like:
server {
listen 443 default ssl;
server_name _;
ssl_certificate ssl/mysite.crt;
ssl_certificate_key ssl/mysite.key;
location / {
root html;
index index.html index.htm;
}
}
I feel like I’m missing something rather minor. Any help would be much
appreciated.
Thanks,
Jake
Posted at Nginx Forum:
Have same problems, anybody solved this?
Tried with nginx 1.0.0 and 0.9.7, results are same.
Here is ssl part of config file:
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate ssl/server.crt;
ssl_certificate_key ssl/server.key;
ssl_session_timeout 5m;
location / {
root html;
index index.html index.htm;
}
}
Posted at Nginx Forum:
On Mon, Apr 18, 2011 at 12:57:57PM -0400, jakehilton wrote:
I’m not sure what can be done about this error. My conf looks like:
index index.html index.htm;
}
}
I feel like I’m missing something rather minor. Any help would be much
appreciated.
An nginx worker of Windows version does not inherit configuraiton
file from a master process as Unix version does. So it loads certificate
separately and waits for the passphrase too. The only solution is to
remove passphrase from certificate key.
–
Igor S.
Removing the passphrase did in fact work! Thank you.
Pitty there is a disconnect from the prompt to enter in the passphrase
and the worker.
I think nginx is worth it though. 
Thanks,
Jake
Posted at Nginx Forum:
On Mon, Apr 18, 2011 at 11:59 PM, Igor S. [email protected] wrote:
An nginx worker of Windows version does not inherit configuraiton
file from a master process as Unix version does. So it loads certificate
separately and waits for the passphrase too. The only solution is to
remove passphrase from certificate key.
Set strong permissions of course, but you can also probably protect
the key file with the encrypting file system on Windows boxes,
encrypted with the only the user account nginx uses and no recovery
key. This makes it about as safe as possible, although an attacker
that gains LocalSystem privileges can still get at the private key
with some work (really, anyone who has the rights to attach a debugger
to the nginx process could get the key from memory).
RPM