sxg_certificate_key

The `sxg_certificate_key` directive specifies the path to the private key associated with the SXG certificate in NGINX.

Syntax: `sxg_certificate_key path/to/private/key.pem;`
Default: none
Context: server
Arguments: 1

Description

The sxg_certificate_key directive is a critical configuration option within the NGINX Signed HTTP Exchange (SXG) module that specifies the absolute path to the private key file corresponding to the SXG signing certificate. This key is essential for the server to sign exchanges, allowing clients to verify the authenticity of the content served. The private key must be in a format that is compatible with the OpenSSL library, which NGINX uses to handle SSL/TLS operations.

Providing this directive is mandatory for the SXG functionality to work. It should be placed in the server context of the NGINX configuration, and the path provided must be accessible by the NGINX process. A common oversight is failing to set the correct permissions for the key file, which could prevent NGINX from accessing it, leading to operational failures when processing requests requiring SXG signing.

The sxg_certificate_key directive is used together with the sxg_certificate directive: both must be set to implement SXG. Make sure the private key matches the certificate and has been generated correctly with the necessary attributes for signing HTTP exchanges.

Config Example

server {
    listen 443 ssl;
    sxg_certificate /path/to/certificate.pem;
    sxg_certificate_key /path/to/private/key.pem;
    sxg_cert_url https://example.com/cert.cbor;
    sxg_validity_url https://example.com/validity;
    sxg_max_payload 67108864;
}

Ensure the path to the private key file is correct and accessible by the NGINX process.

Check that file permissions allow the NGINX user to read the private key file to avoid access issues.

The private key must correspond to the certificate specified by sxg_certificate.
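
The checks above can be run before reloading NGINX. The script below is an added example, not part of the SXG module or the original page: it confirms that both files are readable, that the key is not accessible to other users, and that the key's public half matches the certificate. The function names `spki_digest` and `check_sxg_key` are hypothetical, the `openssl` CLI is assumed to be installed, and refusing keys that other users can access is a hardening assumption added here.

```shell
#!/bin/sh
# Added example: pre-deployment check for the files named by
# sxg_certificate and sxg_certificate_key. Function names are hypothetical.

# Read a PEM public key on stdin, print the SHA-256 of its DER encoding.
spki_digest() {
    openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# check_sxg_key CERT KEY
# Returns 0 when the key is usable; non-zero with a message otherwise.
check_sxg_key() {
    cert=$1
    key=$2
    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 2; }
    [ -r "$key" ] || { echo "cannot read private key: $key" >&2; return 2; }

    # Characters 8-10 of the ls -l mode string are the "other" permission bits.
    other=$(ls -lL "$key" | cut -c8-10)
    [ "$other" = "---" ] ||
        { echo "private key is accessible to other users ($other)" >&2; return 3; }

    # Extract the public key from each file; fail if either cannot be parsed.
    # -passin pass: makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse certificate: $cert" >&2; return 4; }
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "cannot parse private key: $key" >&2; return 4; }

    # Compare digests of the normalized (DER) public keys.
    cert_id=$(printf '%s\n' "$cert_pub" | spki_digest)
    key_id=$(printf '%s\n' "$key_pub" | spki_digest)
    [ "$cert_id" = "$key_id" ] ||
        { echo "private key does not match certificate" >&2; return 1; }

    echo "ok: key matches certificate and is not accessible to other users"
}

# Usage: sh check_sxg_key.sh /path/to/certificate.pem /path/to/private/key.pem
if [ "$#" -eq 2 ]; then
    check_sxg_key "$1" "$2"
fi
```

Run it as the account NGINX uses to read the key, so that the readability test reflects what the server will see.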
