From: Joe Orton Date: Thu, 20 Feb 2020 08:50:16 +0000 (+0000) Subject: Transforms. [skip ci] X-Git-Tag: 2.4.42~73 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4240fd773c18f841cb1f89dbad9c4b3adadbf74b;p=thirdparty%2Fapache%2Fhttpd.git Transforms. [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1874245 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en index 37a9bc25413..289c6473083 100644 --- a/docs/manual/mod/mod_ssl.html.en +++ b/docs/manual/mod/mod_ssl.html.en @@ -365,7 +365,7 @@ Require valid-user - + @@ -410,7 +410,7 @@ contains the appropriate symbolic links.

Description:File of concatenated PEM-encoded CA Certificates for Client Auth
Syntax:SSLCACertificateFile file-path
Syntax:SSLCACertificateFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl
- + @@ -521,7 +521,7 @@ CRL checks are applied to all certificates in the chain, while setting it to
Description:File of concatenated PEM-encoded CA Certificates for defining acceptable CA names
Syntax:SSLCADNRequestFile file-path
Syntax:SSLCADNRequestFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl
- + @@ -565,7 +565,7 @@ contains the appropriate symbolic links.

SSLCertificateChainFile Directive

Description:File of concatenated PEM-encoded CA CRLs for Client Auth
Syntax:SSLCARevocationFile file-path
Syntax:SSLCARevocationFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl
- + @@ -607,15 +607,16 @@ confused in this situation.

top

SSLCertificateFile Directive

Description:File of PEM-encoded Server CA Certificates
Syntax:SSLCertificateChainFile file-path
Syntax:SSLCertificateChainFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl
- - + + +
Description:Server PEM-encoded X.509 certificate data file
Syntax:SSLCertificateFile file-path
Description:Server PEM-encoded X.509 certificate data file or token identifier
Syntax:SSLCertificateFile file-path|certid
Context:server config, virtual host
Status:Extension
Module:mod_ssl
Compatibility:certid available in 2.4.42 and later.

-This directive points to a file with certificate data in PEM format. -At a minimum, the file must include an end-entity (leaf) certificate. +This directive points to a file with certificate data in PEM format, or the certificate identifier through a configured cryptographic token. +If using a PEM file, at minimum, the file must include an end-entity (leaf) certificate. The directive can be used multiple times (referencing different filenames) to support multiple algorithms for server authentication - typically RSA, DSA, and ECC. The number of supported algorithms depends on the @@ -656,6 +657,14 @@ after the certificates using a separate key file. If the private key is encrypted, the pass phrase dialog is forced at startup time.

+

As an alternative to storing certificates and private keys in +files, a certificate identifier can be used to identify a certificate +stored in a token. Currently, only PKCS#11 URIs are +recognized as certificate identifiers, and can be used in conjunction +with the OpenSSL pkcs11 engine. If SSLCertificateKeyFile is omitted, the +certificate and private key can be loaded through the single +identifier specified with SSLCertificateFile.

+

DH parameter interoperability with primes > 1024 bit
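Review bot: The added paragraph on certificate identifiers does not say how the token is unlocked. It follows directly after the context sentence "If the private key is encrypted, the pass phrase dialog is forced at startup time", so a reader cannot tell whether that dialog also applies to a key held on a PKCS#11 token, or where a PIN would come from. The paragraph also says the URI "can be used in conjunction with the OpenSSL pkcs11 engine" without saying whether the engine has to be enabled separately in the httpd configuration. Suggest one sentence on each point. The last sentence, "If SSLCertificateKeyFile is omitted, the certificate and private key can be loaded through the single identifier", should also state whether omitting the key directive is required or merely permitted when a certid is used.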

@@ -699,7 +708,10 @@ thus using a custom/suitable length.

-

Example

SSLCertificateFile "/usr/local/apache2/conf/ssl.crt/server.crt"
+

Example

# Example using a PEM-encoded file.
+SSLCertificateFile "/usr/local/apache2/conf/ssl.crt/server.crt"
+# Example use of a certificate and private key from a PKCS#11 token:
+SSLCertificateFile "pkcs11:token=My%20Token%20Name;id=45"
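Review bot: The new example lists a PEM path and a PKCS#11 URI as two SSLCertificateFile lines in one block, which reads as a single configuration loading both rather than as two alternatives; split them into separate examples or label the second one as an alternative. The id attribute in "pkcs11:token=My%20Token%20Name;id=45" is also easy to misread: under RFC 7512 the value is a percent-encoded byte string, so "id=45" means the two ASCII characters 4 and 5, not the byte 0x45, which would be written id=%45. An example that uses the %XX form, or a short remark on the encoding, would make it less likely that the URI is copied with the wrong object ID.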
@@ -707,15 +719,17 @@ thus using a custom/suitable length.

SSLCertificateKeyFile Directive

- + +
Description:Server PEM-encoded private key file
Syntax:SSLCertificateKeyFile file-path
Syntax:SSLCertificateKeyFile file-path|keyid
Context:server config, virtual host
Status:Extension
Module:mod_ssl
Compatibility:keyid available in 2.4.42 and later.

This directive points to the PEM-encoded private key file for the -server. If the contained private key is encrypted, the pass phrase -dialog is forced at startup time.

+server, or the key ID through a configured cryptographic token. If the +contained private key is encrypted, the pass phrase dialog is forced +at startup time.

The directive can be used multiple times (referencing different filenames) @@ -731,7 +745,16 @@ is highly discouraged. If it is used, the certificate files using such an embedded key must be configured after the certificates using a separate key file.

-

Example

SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key/server.key"
+

As an alternative to storing private keys in files, a key +identifier can be used to identify a private key stored in a +token. Currently, only PKCS#11 URIs are recognized as private key +identifiers, and can be used in conjunction with the OpenSSL +pkcs11 engine.

+ +

Example

# To use a private key from a PEM-encoded file:
+SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key/server.key"
+# To use a private key from a PKCS#11 token:
+SSLCertificateKeyFile "pkcs11:token=My%20Token%20Name;id=45"
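Review bot: The SSLCertificateKeyFile example uses exactly the same URI as the SSLCertificateFile example, "pkcs11:token=My%20Token%20Name;id=45", and the added paragraph does not explain why; say whether the key URI is expected to match the certificate URI or should select the private-key object explicitly. The paragraph also leaves out the point made under SSLCertificateFile that this directive can be omitted when a single identifier covers both certificate and key, which is the first thing a reader of this section will want to know. Terminology drifts across the changes to this directive: "keyid" in the Syntax row, "key ID" in the description and "key identifier" in this paragraph; pick one and use it throughout.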
@@ -1530,7 +1553,7 @@ The available (case-insensitive) protocols are:

- + @@ -1615,7 +1638,7 @@ to succeed - otherwise it will fail with an
Description:File of concatenated PEM-encoded CA Certificates for Remote Server Auth
Syntax:SSLProxyCACertificateFile file-path
Syntax:SSLProxyCACertificateFile file-path
Context:server config, virtual host, proxy section
Status:Extension
Module:mod_ssl
- + @@ -2344,7 +2367,7 @@ values like 300 in real life.

Description:File of concatenated PEM-encoded CA CRLs for Remote Server Auth
Syntax:SSLProxyCARevocationFile file-path
Syntax:SSLProxyCARevocationFile file-path
Context:server config, virtual host, proxy section
Status:Extension
Module:mod_ssl
- + @@ -2425,7 +2448,7 @@ SSLSRPUnknownUserSeed "secret"
Description:Persistent encryption/decryption key for TLS session tickets
Syntax:SSLSessionTicketKeyFile file-path
Syntax:SSLSessionTicketKeyFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl
- + diff --git a/docs/manual/mod/mod_ssl.xml.fr b/docs/manual/mod/mod_ssl.xml.fr index 12dcea1b7ec..65649da78eb 100644 --- a/docs/manual/mod/mod_ssl.xml.fr +++ b/docs/manual/mod/mod_ssl.xml.fr @@ -1,7 +1,7 @@ - +
Description:Path to SRP verifier file
Syntax:SSLSRPVerifierFile file-path
Syntax:SSLSRPVerifierFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl