You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by rj...@apache.org on 2020/08/18 10:13:35 UTC

svn commit: r1880960 - /httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml

Author: rjung
Date: Tue Aug 18 10:13:35 2020
New Revision: 1880960

URL: http://svn.apache.org/viewvc?rev=1880960&view=rev
Log:
Document limitations for private key format in
SSLProxyMachineCertificateFile and
SSLProxyMachineCertificatePath. PR 63935.

Backport of r1880958 from trunk.

[skip ci]

Modified:
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml?rev=1880960&r1=1880959&r2=1880960&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Tue Aug 18 10:13:35 2020
@@ -1833,6 +1833,13 @@ directory contains the appropriate symbo
 <note type="warning">
 <p>Currently there is no support for encrypted private keys</p>
 </note>
+<note type="warning">
+<p>Only keys encoded in PKCS1 RSA, DSA or EC format are supported.
+Keys encoded in PKCS8 format, ie. starting with
+&quot;<code>-----BEGIN PRIVATE KEY-----</code>&quot;,
+must be converted, eg. using
+&quot;<code>openssl rsa -in private-pkcs8.pem -outform pem</code>&quot;.</p>
+</note>
 <example><title>Example</title>
 <highlight language="config">
 SSLProxyMachineCertificatePath "/usr/local/apache2/conf/proxy.crt/"
@@ -1863,6 +1870,13 @@ or additionally to <code>SSLProxyMachine
 <note type="warning">
 <p>Currently there is no support for encrypted private keys</p>
 </note>
+<note type="warning">
+<p>Only keys encoded in PKCS1 RSA, DSA or EC format are supported.
+Keys encoded in PKCS8 format, ie. starting with
+&quot;<code>-----BEGIN PRIVATE KEY-----</code>&quot;,
+must be converted, eg. using
+&quot;<code>openssl rsa -in private-pkcs8.pem -outform pem</code>&quot;.</p>
+</note>
 <example><title>Example</title>
 <highlight language="config">
 SSLProxyMachineCertificateFile "/usr/local/apache2/conf/ssl.crt/proxy.pem"