From: Joe Orton Date: Thu, 3 May 2018 16:11:41 +0000 (+0000) Subject: Transforms. X-Git-Tag: 2.5.0-alpha2-ci-test-only~2635 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab82a8db277f60c2de5952717a86e42058f7effd;p=thirdparty%2Fapache%2Fhttpd.git Transforms. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830840 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en index fb3a084b483..29a8be38b49 100644 --- a/docs/manual/mod/mod_ssl.html.en +++ b/docs/manual/mod/mod_ssl.html.en @@ -711,15 +711,17 @@ thus using a custom/suitable length.

SSLCertificateKeyFile Directive

- + +
Description:Server PEM-encoded private key file
Syntax:SSLCertificateKeyFile file-path
Syntax:SSLCertificateKeyFile file-path|keyid
Context:server config, virtual host
Status:Extension
Module:mod_ssl
Compatibility:keyid available in 2.5.1 and later.

This directive points to the PEM-encoded private key file for the -server. If the contained private key is encrypted, the pass phrase -dialog is forced at startup time.

+server, or the key ID through a configured cryptographic token. If the +contained private key is encrypted, the pass phrase dialog is forced +at startup time.

The directive can be used multiple times (referencing different filenames) @@ -735,7 +737,18 @@ is highly discouraged. If it is used, the certificate files using such an embedded key must be configured after the certificates using a separate key file.

-

Example

SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key/server.key"
+

As an alternative to storing private keys in files, a key +identifier can be specified to identify a private key stored in a +token. Currently, only PKCS#11 URIs are recognized as private key +identifiers, and can be used in conjunction with the OpenSSL +pkcs11 engine configured with SSLCryptoDevice.

+ +

Example

# To use a private key from a PEM-encoded file:
+SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key/server.key"
+# To use a private key from a PKCS#11 token:
+SSLCryptoDevice pkcs11
+...
+SSLCertificateKeyFile "pkcs11:token=My%20Token%20Name;id=45"
diff --git a/docs/manual/mod/mod_ssl.xml.es b/docs/manual/mod/mod_ssl.xml.es index 9db7ef3c8a3..aab2cf1d3d7 100644 --- a/docs/manual/mod/mod_ssl.xml.es +++ b/docs/manual/mod/mod_ssl.xml.es @@ -1,7 +1,7 @@ - + + diff --git a/docs/manual/mod/mod_ssl.xml.meta b/docs/manual/mod/mod_ssl.xml.meta index d50eb9de390..194507ef078 100644 --- a/docs/manual/mod/mod_ssl.xml.meta +++ b/docs/manual/mod/mod_ssl.xml.meta @@ -9,6 +9,6 @@ en es - fr + fr diff --git a/docs/manual/mod/quickreference.html.en b/docs/manual/mod/quickreference.html.en index 2462c7903b9..dbe2428f4ea 100644 --- a/docs/manual/mod/quickreference.html.en +++ b/docs/manual/mod/quickreference.html.en @@ -1082,7 +1082,7 @@ Client Auth Client Auth SSLCertificateChainFile file-pathsvEFile of PEM-encoded Server CA Certificates SSLCertificateFile file-pathsvEServer PEM-encoded X.509 certificate data file -SSLCertificateKeyFile file-pathsvEServer PEM-encoded private key file +SSLCertificateKeyFile file-path|keyidsvEServer PEM-encoded private key file SSLCipherSuite [protocol] cipher-spec DEFAULT (depends on +svdhECipher Suite available for negotiation in SSL handshake SSLCompression on|off off svEEnable compression on the SSL level