From: Rainer Jung <rjung@apache.org>
Date: Tue, 18 Aug 2020 09:47:35 +0000 (+0000)
Subject: Document limitations for private key format in
X-Git-Tag: 2.5.0-alpha2-ci-test-only~1233
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=586fa4a198c0a01564046e1a8a064f4da0b5597d;p=thirdparty%2Fapache%2Fhttpd.git

Document limitations for private key format in
SSLProxyMachineCertificateFile and
SSLProxyMachineCertificatePath. PR 63935.
[skip ci]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1880958 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index d4869111246..2452811cf0b 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -1847,6 +1847,13 @@ contain a PEM-encoded certificate and matching private key.
 <note type="warning">
 <p>Currently there is no support for encrypted private keys</p>
 </note>
+<note type="warning">
+<p>Only keys encoded in PKCS1 RSA, DSA or EC format are supported.
+Keys encoded in PKCS8 format, ie. starting with
+&quot;<code>-----BEGIN PRIVATE KEY-----</code>&quot;,
+must be converted, eg. using
+&quot;<code>openssl rsa -in private-pkcs8.pem -outform pem</code>&quot;.</p>
+</note>
 <example><title>Example</title>
 <highlight language="config">
 SSLProxyMachineCertificatePath "/usr/local/apache2/conf/proxy.crt/"
@@ -1877,6 +1884,13 @@ or additionally to <code>SSLProxyMachineCertificatePath</code>.
 <note type="warning">
 <p>Currently there is no support for encrypted private keys</p>
 </note>
+<note type="warning">
+<p>Only keys encoded in PKCS1 RSA, DSA or EC format are supported.
+Keys encoded in PKCS8 format, ie. starting with
+&quot;<code>-----BEGIN PRIVATE KEY-----</code>&quot;,
+must be converted, eg. using
+&quot;<code>openssl rsa -in private-pkcs8.pem -outform pem</code>&quot;.</p>
+</note>
 <example><title>Example</title>
 <highlight language="config">
 SSLProxyMachineCertificateFile "/usr/local/apache2/conf/ssl.crt/proxy.pem"