Document limitations for private key format in

SSLProxyMachineCertificateFile and
SSLProxyMachineCertificatePath. PR 63935.
[skip ci]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1880958 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index d48691112465fc7fa16f5e824d7f92f04bcdc7cd..2452811cf0bbf3f7078f40ceb4137714e8cc26aa 100644 (file)
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -1847,6 +1847,13 @@ contain a PEM-encoded certificate and matching private key.
 <note type="warning">
 <p>Currently there is no support for encrypted private keys</p>
 </note>
+<note type="warning">
+<p>Only keys encoded in PKCS1 RSA, DSA or EC format are supported.
+Keys encoded in PKCS8 format, ie. starting with
+&quot;<code>-----BEGIN PRIVATE KEY-----</code>&quot;,
+must be converted, eg. using
+&quot;<code>openssl rsa -in private-pkcs8.pem -outform pem</code>&quot;.</p>
+</note>
 <example><title>Example</title>
 <highlight language="config">
 SSLProxyMachineCertificatePath "/usr/local/apache2/conf/proxy.crt/"
@@ -1877,6 +1884,13 @@ or additionally to <code>SSLProxyMachineCertificatePath</code>.
 <note type="warning">
 <p>Currently there is no support for encrypted private keys</p>
 </note>
+<note type="warning">
+<p>Only keys encoded in PKCS1 RSA, DSA or EC format are supported.
+Keys encoded in PKCS8 format, ie. starting with
+&quot;<code>-----BEGIN PRIVATE KEY-----</code>&quot;,
+must be converted, eg. using
+&quot;<code>openssl rsa -in private-pkcs8.pem -outform pem</code>&quot;.</p>
+</note>
 <example><title>Example</title>
 <highlight language="config">
 SSLProxyMachineCertificateFile "/usr/local/apache2/conf/ssl.crt/proxy.pem"