You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rj...@apache.org on 2020/08/18 09:48:09 UTC

svn commit: r1880959 - /httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en

Author: rjung
Date: Tue Aug 18 09:48:08 2020
New Revision: 1880959

URL: http://svn.apache.org/viewvc?rev=1880959&view=rev
Log:
Xforms. [skip ci]

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en?rev=1880959&r1=1880958&r2=1880959&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl.html.en Tue Aug 18 09:48:08 2020
@@ -1949,6 +1949,13 @@ or additionally to <code>SSLProxyMachine
 <div class="warning">
 <p>Currently there is no support for encrypted private keys</p>
 </div>
+<div class="warning">
+<p>Only keys encoded in PKCS1 RSA, DSA or EC format are supported.
+Keys encoded in PKCS8 format, ie. starting with
+"<code>-----BEGIN PRIVATE KEY-----</code>",
+must be converted, eg. using
+"<code>openssl rsa -in private-pkcs8.pem -outform pem</code>".</p>
+</div>
 <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLProxyMachineCertificateFile "/usr/local/apache2/conf/ssl.crt/proxy.pem"</pre>
 </div>
 
@@ -1975,6 +1982,13 @@ contain a PEM-encoded certificate and ma
 <div class="warning">
 <p>Currently there is no support for encrypted private keys</p>
 </div>
+<div class="warning">
+<p>Only keys encoded in PKCS1 RSA, DSA or EC format are supported.
+Keys encoded in PKCS8 format, ie. starting with
+"<code>-----BEGIN PRIVATE KEY-----</code>",
+must be converted, eg. using
+"<code>openssl rsa -in private-pkcs8.pem -outform pem</code>".</p>
+</div>
 <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">SSLProxyMachineCertificatePath "/usr/local/apache2/conf/proxy.crt/"</pre>
 </div>
 
@@ -2075,6 +2089,13 @@ source</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ssl</td></tr>
 </table>
+<div class="note"><h3>SSLRandomSeed is deprecated</h3>
+
+<p>The <code>SSLRandomSeed</code> directive is deprecated, and is
+completely ignored if httpd is built using OpenSSL version 1.1.1 or
+later.</p>
+</div>
+
 <p>
 This configures one or more sources for seeding the Pseudo Random Number
 Generator (PRNG) in OpenSSL at startup time (<em>context</em> is
@@ -2886,4 +2907,4 @@ if (typeof(prettyPrint) !== 'undefined')
     prettyPrint();
 }
 //--><!]]></script>
-</body></html>
\ No newline at end of file
+</body></html>