You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2018/05/08 12:51:39 UTC

svn commit: r1831175 - in /httpd/httpd/trunk/docs/manual/mod: mod_ssl.html.en mod_ssl.xml.es mod_ssl.xml.fr mod_ssl.xml.meta quickreference.html.en

Author: jorton
Date: Tue May  8 12:51:38 2018
New Revision: 1831175

URL: http://svn.apache.org/viewvc?rev=1831175&view=rev
Log:
Transforms.

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.es
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.fr
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.meta
    httpd/httpd/trunk/docs/manual/mod/quickreference.html.en

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en?rev=1831175&r1=1831174&r2=1831175&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en Tue May  8 12:51:38 2018
@@ -611,15 +611,16 @@ confused in this situation.</p>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="SSLCertificateFile" id="SSLCertificateFile">SSLCertificateFile</a> <a name="sslcertificatefile" id="sslcertificatefile">Directive</a><a title="Permanent link" href="#sslcertificatefile" class="permalink">&para;</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Server PEM-encoded X.509 certificate data file</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLCertificateFile <var>file-path</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Server PEM-encoded X.509 certificate data file or token identifier</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SSLCertificateFile <var>file-path</var>|<var>certid</var></code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td><var>certid</var> available in 2.5.1 and later.</td></tr>
 </table>
 <p>
-This directive points to a file with certificate data in PEM format.
-At a minimum, the file must include an end-entity (leaf) certificate.
+This directive points to a file with certificate data in PEM format, or the certificate identifier through a configured cryptographic token.
+If using a PEM file, at minimum, the file must include an end-entity (leaf) certificate.
 The directive can be used multiple times (referencing different filenames)
 to support multiple algorithms for server authentication - typically
 RSA, DSA, and ECC. The number of supported algorithms depends on the
@@ -660,6 +661,14 @@ after the certificates using a separate
 key is encrypted, the pass phrase dialog is forced at startup time.
 </p>
 
+<p>As an alternative to storing certificates and private keys in
+files, a certificate identifier can be used to identify a certificate
+stored in a token.  Currently, only <a href="https://tools.ietf.org/html/rfc7512">PKCS#11 URIs</a> are
+recognized as certificate identifiers, and can be used in conjunction
+with the OpenSSL <code>pkcs11</code> engine configured with <code class="directive"><a href="#sslcryptodevice">SSLCryptoDevice</a></code>.  If <code class="directive"><a href="#sslcertificatekeyfile">SSLCertificateKeyFile</a></code> is omitted, the
+certificate and private key can be loaded through the single
+identifier specified with <code class="directive"><a href="#sslcertificatefile">SSLCertificateFile</a></code>.</p>
+
 <div class="note">
 <h3>DH parameter interoperability with primes &gt; 1024 bit</h3>
 <p>
@@ -703,7 +712,12 @@ thus using a custom/suitable length.
 </p>
 </div>
 
-<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLCertificateFile "/usr/local/apache2/conf/ssl.crt/server.crt"</pre>
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config"># Example using a PEM-encoded file.
+SSLCertificateFile "/usr/local/apache2/conf/ssl.crt/server.crt"
+# Example use of a certificate and private key from a PKCS#11 token:
+SSLCryptoDevice pkcs11
+...
+SSLCertificateFile "pkcs11:token=My%20Token%20Name;id=45"</pre>
 </div>
 
 </div>

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.es
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.es?rev=1831175&r1=1831174&r2=1831175&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.es [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.es [utf-8] Tue May  8 12:51:38 2018
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.es.xsl"?>
-<!-- English Revision: 1817381:1830879 (outdated) -->
+<!-- English Revision: 1817381:1831168 (outdated) -->
 <!-- Spanish Translation: Daniel Ferradal <df...@apache.org> -->
 
 <!--

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.fr?rev=1831175&r1=1831174&r2=1831175&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.fr [utf-8] (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.fr [utf-8] Tue May  8 12:51:38 2018
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision: 1830879 -->
+<!-- English Revision: 1830879:1831168 (outdated) -->
 <!-- French translation : Lucien GENTIS -->
 <!-- Reviewed by : Vincent Deffontaines -->
 

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.meta
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.meta?rev=1831175&r1=1831174&r2=1831175&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.meta (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.xml.meta Tue May  8 12:51:38 2018
@@ -9,6 +9,6 @@
   <variants>
     <variant>en</variant>
     <variant outdated="yes">es</variant>
-    <variant>fr</variant>
+    <variant outdated="yes">fr</variant>
   </variants>
 </metafile>

Modified: httpd/httpd/trunk/docs/manual/mod/quickreference.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/quickreference.html.en?rev=1831175&r1=1831174&r2=1831175&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/quickreference.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/quickreference.html.en Tue May  8 12:51:38 2018
@@ -1081,7 +1081,7 @@ Client Auth</td></tr>
 <tr class="odd"><td><a href="mod_ssl.html#sslcarevocationpath">SSLCARevocationPath <em>directory-path</em></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Directory of PEM-encoded CA CRLs for
 Client Auth</td></tr>
 <tr><td><a href="mod_ssl.html#sslcertificatechainfile">SSLCertificateChainFile <var>file-path</var></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">File of PEM-encoded Server CA Certificates</td></tr>
-<tr class="odd"><td><a href="mod_ssl.html#sslcertificatefile">SSLCertificateFile <var>file-path</var></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Server PEM-encoded X.509 certificate data file</td></tr>
+<tr class="odd"><td><a href="mod_ssl.html#sslcertificatefile">SSLCertificateFile <var>file-path</var>|<var>certid</var></a></td><td></td><td>sv</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Server PEM-encoded X.509 certificate data file or token identifier</td></tr>
 <tr><td><a href="mod_ssl.html#sslcertificatekeyfile">SSLCertificateKeyFile <var>file-path</var>|<var>keyid</var></a></td><td></td><td>sv</td><td>E</td></tr><tr><td class="descr" colspan="4">Server PEM-encoded private key file</td></tr>
 <tr class="odd"><td><a href="mod_ssl.html#sslciphersuite">SSLCipherSuite [<em>protocol</em>] <em>cipher-spec</em></a></td><td> DEFAULT (depends on +</td><td>svdh</td><td>E</td></tr><tr class="odd"><td class="descr" colspan="4">Cipher Suite available for negotiation in SSL
 handshake</td></tr>