
Unable to start Aphlict server with a passphrase protected SSL cert/key
Open, Wishlist, Public


Our Phabricator install uses HTTPS and I followed directions on to set up ssl-cert and ssl-key settings.
Now when I try to run ./bin/aphlict start the feedback I get is that the server has started, but then it starts to repeatedly ask me for my PEM passphrase, like this:

administrator@ubuntu:/phabricator/phabricator$ Enter PEM pass phrase:
Enter PEM pass phrase:
Enter PEM pass phrase:
Enter PEM pass phrase:

It never actually lets me enter the passphrase and everything I enter is interpreted as a bash command. If I run it like ./bin/aphlict debug it brings up the PEM pass phrase prompt, lets me enter the passphrase and then runs as expected.

Event Timeline

anton.vladimirov raised the priority of this task from to Needs Triage.
anton.vladimirov updated the task description.
anton.vladimirov added a subscriber: anton.vladimirov.
epriestley triaged this task as Wishlist priority. Mar 3 2015, 12:35 AM
epriestley added a subscriber: epriestley.

The process has already daemonized by the time we get this far, and it's generally impractical for us to prompt for the passphrase before daemonizing without significant rearchitecture. We also haven't seen other users trying to use password-protected certificates, and believe their use to be rare in most infrastructure (for instance, ELBs in AWS do not support them either).

Generally, we're unlikely to support this. Two workarounds are:

  • Strip the password (recommended).
  • Run in debug mode and handle daemonization with a hack like using screen (discouraged, but should work if you're not comfortable stripping the password).
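
The first workaround above (stripping the passphrase), as an added example that is not part of the original thread and is not Phabricator code. It assumes the openssl command-line tool is installed; the function names and file paths are hypothetical, and the sample key is constructed.

```shell
#!/usr/bin/env bash
# Added example, not Phabricator code; function names and paths are hypothetical.

# True if a PEM private key is passphrase-protected (PKCS#8 or traditional format).
key_is_encrypted() {
  grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# SHA-256 of the PEM public key derived from a private key file.
# The passphrase is simply not used when the key is not encrypted.
pubkey_fp() {
  local pub
  pub=$(openssl pkey -in "$1" -passin "file:$2" -pubout 2>/dev/null) || return 1
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# strip_key_passphrase ENCRYPTED_KEY OUT_KEY PASSPHRASE_FILE
# Writes an unencrypted, owner-only copy and checks it is still the same key
# pair, so the certificate already issued for it keeps matching.
strip_key_passphrase() {
  local src="$1" dst="$2" passfile="$3" before after
  ( umask 077
    openssl pkey -in "$src" -passin "file:$passfile" -out "$dst" 2>/dev/null ) || return 1
  chmod 600 "$dst"            # the file mode is now the key's only protection at rest
  if key_is_encrypted "$dst"; then return 1; fi
  before=$(pubkey_fp "$src" "$passfile") || return 1
  after=$(pubkey_fp "$dst" "$passfile") || return 1
  [ "$before" = "$after" ]
}

# Constructed sample input: a throwaway RSA key under a made-up passphrase.
make_sample_key() {
  printf 'constructed-passphrase\n' > "$1/pass.txt"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -aes-256-cbc -pass "file:$1/pass.txt" -out "$1/encrypted.key" 2>/dev/null
}

# Usage: script ENCRYPTED_KEY OUT_KEY PASSPHRASE_FILE
if [ "$#" -eq 3 ]; then
  strip_key_passphrase "$1" "$2" "$3" && echo "wrote $2 without a passphrase"
fi
```

The ssl-key setting would then point at the output file, which only the account running Aphlict should be able to read.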

Fair enough. I got a new certificate that doesn't require a passphrase and it's working as expected now, except now I'm seeing T7435.

Would it be possible to add something similar to Apache's SSLPassPhraseDialog exec:/path/to/program directive?