Using encrypted private Key file for admin_ssl_cert_key and admin_gui_ssl_cert_key

subrat · April 3, 2020, 6:16am

Hi,

I need to use the encrypted private key for admin_ssl_cert_key and admin_gui_ssl_cert_key and I need to do the decryption of the key files by Nginx on the start of KONG.

The same thing I have tried for ssl_cert_key, to do the decryption at the start of Kong I have the below configuration in kong.conf file:

nginx_proxy_ssl_password_file /var/lib/nginx/ssl_passwords.txt;

From ssl_passwords.txt Nginx is able to the parse phase password and do the decryption of the file.
Nginx doc link I followed for the above: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_password_file

Could you please let us know what configuration I have use in kong.conf so that I can use the encrypted private key for admin_ssl_cert_key and admin_gui_ssl_cert_key

Wangchong_Zhou · April 3, 2020, 4:55pm

Hi,

To add the similar config for admin api, you can use

nginx_admin_ssl_password_file = /var/lib/nginx/ssl_passwords.txt

There’s currently no injected nginx directive support for admin_gui/kong manager. But you should be able to add that directive using a custom nginx template.

subrat · April 4, 2020, 11:53am

Thanks, It is working.

Topic		Replies	Views
Is there a configuration parameter for cert key pass phrase Questions	0	94	October 27, 2023
Proxy client_ssl setup with client cert and key fails on startup Installation/Setup	0	680	July 23, 2019
Kong upstream SSL mTLS Questions	16	7984	November 13, 2019
Adding a client cert to an upstream service Questions	15	4436	July 13, 2022
Implement proxy_ssl_server_name/ssl_name Installation/Setup	0	752	November 30, 2022

Using encrypted private Key file for admin_ssl_cert_key and admin_gui_ssl_cert_key

Related Topics