Trouble reloading built-in HTTP server, SSL with passphrase

Hi everyone,

Disclaimer: I am not very familiar with SSL/TLS.

I installed a cert that has an encrypted key and requires a passphrase, I am not sure where I need to enter the passphrase so Asterisk can load it.

When I do a core reload, I see the following:


-- Reloading module 'http' (Built-in HTTP Server)
 Bound HTTP server to address 0.0.0.0:0
[2021-04-29 04:39:40] ERROR[3845]: tcptls.c:489 __ssl_setup: TLS/SSL error loading private key file. </path/to/certificates/mydomain.com.key>
[2021-04-29 04:39:40] ERROR[3845]: tcptls.c:126 write_openssl_error_to_log: 140668160796416:error:0906406D:PEM routines:PEM_def_callback:problems getting password:pem_lib.c:116:
140668160796416:error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read:pem_pkey.c:117:
140668160796416:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:649:

I appreciate any help!

Thanks

I don’t believe that is supported. It would require manual intervention every time Asterisk restarts. You will need to use the OpenSSL tools to remove the password layer.

Did that, thanks.

I guess a feature request will be the way to go…

Feature requests are only accepted when accompanied by code to implement the feature. Also, as this hasn’t come up before, I imagine there is very little demand to have to type in a pass phrase every time Asterisk is started.

1 Like