Document limitations for private key format in

SSLProxyMachineCertificateFile and
SSLProxyMachineCertificatePath. PR 63935.

Backport of r1880958 from trunk.

[skip ci]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1880960 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index ddbc7df4aff4d6980f558f5502cbe46393157631..8b628561c76f8f0a1983f07ccfaa4682a7f059f4 100644 (file)
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -1833,6 +1833,13 @@ directory contains the appropriate symbolic links.</p>
 <note type="warning">
 <p>Currently there is no support for encrypted private keys</p>
 </note>
+<note type="warning">
+<p>Only keys encoded in PKCS1 RSA, DSA or EC format are supported.
+Keys encoded in PKCS8 format, ie. starting with
+&quot;<code>-----BEGIN PRIVATE KEY-----</code>&quot;,
+must be converted, eg. using
+&quot;<code>openssl rsa -in private-pkcs8.pem -outform pem</code>&quot;.</p>
+</note>
 <example><title>Example</title>
 <highlight language="config">
 SSLProxyMachineCertificatePath "/usr/local/apache2/conf/proxy.crt/"
@@ -1863,6 +1870,13 @@ or additionally to <code>SSLProxyMachineCertificatePath</code>.
 <note type="warning">
 <p>Currently there is no support for encrypted private keys</p>
 </note>
+<note type="warning">
+<p>Only keys encoded in PKCS1 RSA, DSA or EC format are supported.
+Keys encoded in PKCS8 format, ie. starting with
+&quot;<code>-----BEGIN PRIVATE KEY-----</code>&quot;,
+must be converted, eg. using
+&quot;<code>openssl rsa -in private-pkcs8.pem -outform pem</code>&quot;.</p>
+</note>
 <example><title>Example</title>
 <highlight language="config">
 SSLProxyMachineCertificateFile "/usr/local/apache2/conf/ssl.crt/proxy.pem"