<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLCACertificateFile "/usr/local/apache2/conf/ssl.crt/ca-bundle-client.crt"</pre>
</div>
+<p>This file is read at server startup, while the server is still running
+as <code>root</code> (before privilege dropping), so it may be owned by
+and readable only by <code>root</code>. The file is not re-read during
+normal operation; a server restart is required for changes to take
+effect.</p>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
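Review bot: the added paragraph states as fact that startup happens as root ("while the server is still running as root"), which only holds when httpd is launched as root; when it is started under an unprivileged account, a file readable only by root cannot be read by the server. Suggest conditioning the sentence, for example "When the server is started as root, this file is read before privileges are dropped, so it may be owned by and readable only by root." The same paragraph is repeated almost verbatim under the other file directives in this patch, so a single shared note referenced from each directive would keep the wording from drifting.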
<div class="directive-section"><h2><a name="SSLCACertificatePath" id="SSLCACertificatePath">SSLCACertificatePath</a> <a name="sslcacertificatepath" id="sslcacertificatepath">Directive</a> <a title="Permanent link" href="#sslcacertificatepath" class="permalink">¶</a></h2>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLCACertificatePath "/usr/local/apache2/conf/ssl.crt/"</pre>
</div>
+<p>The files in this directory are read at server startup, while the server
+is still running as <code>root</code> (before privilege dropping), so they
+may be owned by and readable only by <code>root</code>. The files are not
+re-read during normal operation; a server restart is required for changes
+to take effect.</p>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
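Review bot: please confirm the claim that "the files in this directory are read at server startup" before documenting "readable only by root" for SSLCACertificatePath. The directive points at a hashed certificate directory, and if lookups in that directory are performed on demand during client verification, they run in the child processes after privileges are dropped, where root-only files would be unreadable. If that is the case, both the permission guidance and the "not re-read during normal operation" sentence need to differ from the single-file wording used for SSLCACertificateFile.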
<div class="directive-section"><h2><a name="SSLCADNRequestFile" id="SSLCADNRequestFile">SSLCADNRequestFile</a> <a name="sslcadnrequestfile" id="sslcadnrequestfile">Directive</a> <a title="Permanent link" href="#sslcadnrequestfile" class="permalink">¶</a></h2>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLCADNRequestFile "/usr/local/apache2/conf/ca-names.crt"</pre>
</div>
+<p>This file is read at server startup, while the server is still running
+as <code>root</code> (before privilege dropping), so it may be owned by
+and readable only by <code>root</code>. The file is not re-read during
+normal operation; a server restart is required for changes to take
+effect.</p>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLCADNRequestPath" id="SSLCADNRequestPath">SSLCADNRequestPath</a> <a name="sslcadnrequestpath" id="sslcadnrequestpath">Directive</a> <a title="Permanent link" href="#sslcadnrequestpath" class="permalink">¶</a></h2>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLCADNRequestPath "/usr/local/apache2/conf/ca-names.crt/"</pre>
</div>
+<p>The files in this directory are read at server startup, while the server
+is still running as <code>root</code> (before privilege dropping), so they
+may be owned by and readable only by <code>root</code>. The files are not
+re-read during normal operation; a server restart is required for changes
+to take effect.</p>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLCARevocationCheck" id="SSLCARevocationCheck">SSLCARevocationCheck</a> <a name="sslcarevocationcheck" id="sslcarevocationcheck">Directive</a> <a title="Permanent link" href="#sslcarevocationcheck" class="permalink">¶</a></h2>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLCARevocationFile "/usr/local/apache2/conf/ssl.crl/ca-bundle-client.crl"</pre>
</div>
+<p>This file is read at server startup, while the server is still running
+as <code>root</code> (before privilege dropping), so it may be owned by
+and readable only by <code>root</code>. The file is not re-read during
+normal operation; a server restart is required for changes to take
+effect.</p>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
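Review bot: the nearest heading above this paragraph is SSLCARevocationCheck, while the example and the added text ("This file is read at server startup") describe SSLCARevocationFile. Check that the hunk applies inside the SSLCARevocationFile section and not under SSLCARevocationCheck, which takes no file argument.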
<div class="directive-section"><h2><a name="SSLCARevocationPath" id="SSLCARevocationPath">SSLCARevocationPath</a> <a name="sslcarevocationpath" id="sslcarevocationpath">Directive</a> <a title="Permanent link" href="#sslcarevocationpath" class="permalink">¶</a></h2>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLCARevocationPath "/usr/local/apache2/conf/ssl.crl/"</pre>
</div>
+<p>The files in this directory are read at server startup, while the server
+is still running as <code>root</code> (before privilege dropping), so they
+may be owned by and readable only by <code>root</code>. The files are not
+re-read during normal operation; a server restart is required for changes
+to take effect.</p>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
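Review bot: for a CRL directory, "not re-read during normal operation" has a security consequence that the paragraph leaves implicit: a CRL placed in the directory after startup is not applied, so a client certificate revoked since then is still accepted until the restart. Suggest stating this explicitly and advising that the restart be tied to the CRL refresh schedule.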
<div class="directive-section"><h2><a name="SSLCertificateChainFile" id="SSLCertificateChainFile">SSLCertificateChainFile</a> <a name="sslcertificatechainfile" id="sslcertificatechainfile">Directive</a> <a title="Permanent link" href="#sslcertificatechainfile" class="permalink">¶</a></h2>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLCertificateChainFile "/usr/local/apache2/conf/ssl.crt/ca.crt"</pre>
</div>
+<p>This file is read at server startup, while the server is still running
+as <code>root</code> (before privilege dropping), so it may be owned by
+and readable only by <code>root</code>. The file is not re-read during
+normal operation; a server restart is required for changes to take
+effect.</p>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLCertificateFile" id="SSLCertificateFile">SSLCertificateFile</a> <a name="sslcertificatefile" id="sslcertificatefile">Directive</a> <a title="Permanent link" href="#sslcertificatefile" class="permalink">¶</a></h2>
SSLCertificateFile "pkcs11:token=My%20Token%20Name;id=45"</pre>
</div>
+<p>This file is read at server startup, while the server is still running
+as <code>root</code> (before privilege dropping), so it may be owned by
+and readable only by <code>root</code>. The file is not re-read during
+normal operation; a server restart is required for changes to take
+effect.</p>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
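Review bot: "This file is read at server startup" does not fit the example immediately above it, SSLCertificateFile "pkcs11:token=My%20Token%20Name;id=45", where the argument is a PKCS#11 URI and there is no file to own or restrict. Suggest limiting the sentence to the case where the argument is a file path.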
<div class="directive-section"><h2><a name="SSLCertificateKeyFile" id="SSLCertificateKeyFile">SSLCertificateKeyFile</a> <a name="sslcertificatekeyfile" id="sslcertificatekeyfile">Directive</a> <a title="Permanent link" href="#sslcertificatekeyfile" class="permalink">¶</a></h2>
SSLCertificateKeyFile "pkcs11:token=My%20Token%20Name;id=45"</pre>
</div>
+<p>This file is read at server startup, while the server is still running
+as <code>root</code> (before privilege dropping), so it should be owned by
+and readable only by <code>root</code>, since it contains the private key.
+The file is not re-read during normal operation; a server restart is
+required for changes to take effect.</p>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
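Review bot: "a server restart is required" does not say whether a graceful restart is sufficient or a full stop and start is needed, which matters most in this section because it is the step operators follow when rotating a private key. Suggest naming the restart type. The "should be owned by and readable only by root" wording is the right strength for the key file and is correctly stronger than the "may be" used for the certificate and CA files.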
<div class="directive-section"><h2><a name="SSLCipherSuite" id="SSLCipherSuite">SSLCipherSuite</a> <a name="sslciphersuite" id="sslciphersuite">Directive</a> <a title="Permanent link" href="#sslciphersuite" class="permalink">¶</a></h2>