author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-08-05 10:00:11 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-08-05 10:00:11 +0000
commit: c18514225db2835dfe22843100307c4bc8a59576
tree: a1b48aadefb830f35ed3fb0b3fa373751840b0cd /docs/manual/mod/mod_ssl.html.en
parent: Releasing progress-linux version 2.4.61-1~progress7.99u1.
Merging upstream version 2.4.62.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs/manual/mod/mod_ssl.html.en')
-rw-r--r-- docs/manual/mod/mod_ssl.html.en | 13
1 files changed, 11 insertions, 2 deletions
diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en
index ee92ffb..3fc8a48 100644
--- a/docs/manual/mod/mod_ssl.html.en
+++ b/docs/manual/mod/mod_ssl.html.en
@@ -661,7 +661,7 @@ key is encrypted, the pass phrase dialog is forced at startup time.
files, a certificate identifier can be used to identify a certificate
stored in a token. Currently, only <a href="https://tools.ietf.org/html/rfc7512">PKCS#11 URIs</a> are
recognized as certificate identifiers, and can be used in conjunction
-with the OpenSSL <code>pkcs11</code> engine. If <code class="directive"><a href="#sslcertificatekeyfile">SSLCertificateKeyFile</a></code> is omitted, the
+with the OpenSSL <code>pkcs11</code> engine or provider. If <code class="directive"><a href="#sslcertificatekeyfile">SSLCertificateKeyFile</a></code> is omitted, the
certificate and private key can be loaded through the single
identifier specified with <code class="directive"><a href="#sslcertificatefile">SSLCertificateFile</a></code>.</p>
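Review bot: The added words "or provider" in the SSLCertificateFile text give no hint of the preconditions that the SSLCryptoDevice paragraph added later in this patch spells out (OpenSSL 3.0 or later, no engine configured, provider defined in the OpenSSL config file). A reader who lands on this directive will not know the provider path is conditional. Suggest a cross-reference at this point, for example a link to the SSLCryptoDevice section, or at least a parenthetical such as "(provider support requires OpenSSL 3.0 or later)".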
@@ -749,7 +749,7 @@ key file.</p>
identifier can be used to identify a private key stored in a
token. Currently, only <a href="https://tools.ietf.org/html/rfc7512">PKCS#11 URIs</a> are recognized as private key
identifiers, and can be used in conjunction with the OpenSSL
-<code>pkcs11</code> engine.</p>
+<code>pkcs11</code> engine or provider.</p>
<div class="example"><h3>Example</h3><pre class="prettyprint lang-config"># To use a private key from a PEM-encoded file:
SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key/server.key"
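Review bot: In the SSLCertificateKeyFile sentence, "the OpenSSL <code>pkcs11</code> engine or provider" reads as if <code>pkcs11</code> were the literal name of both the engine and the provider. The paragraph added under SSLCryptoDevice only says the provider "must be defined and configured in the OpenSSL config file", so its name is not fixed by this text. Suggest rewording to something like "the OpenSSL <code>pkcs11</code> engine, or an OpenSSL provider that supports PKCS#11 URIs", and applying the same wording in the SSLCertificateFile hunk so the two directives stay consistent.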
@@ -983,6 +983,15 @@ separate "-engine" releases of OpenSSL 0.9.6 must be used.</p>
SSLCryptoDevice ubsec</pre>
</div>
+<p>
+With OpenSSL 3.0 or later, if no engine is specified but the key or certificate
+is specified using a <a href="https://tools.ietf.org/html/rfc7512">PKCS#11 URIs</a>
+then it is tried to load the key and certificate from an OpenSSL provider.
+The OpenSSL provider to use must be defined and configured in the OpenSSL config file,
+and it must support the <a href="https://www.openssl.org/docs/man3.0/man7/provider-storemgmt.html">STORE method</a>
+for <a href="https://tools.ietf.org/html/rfc7512">PKCS#11 URIs</a>.
+</p>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SSLEngine" id="SSLEngine">SSLEngine</a> <a name="sslengine" id="sslengine">Directive</a></h2>
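Review bot: The new SSLCryptoDevice paragraph has two wording problems: "using a ... PKCS#11 URIs" mixes a singular article with a plural noun, and "then it is tried to load the key and certificate" is an awkward passive that hides who does the loading. Suggest "is specified using a PKCS#11 URI, mod_ssl attempts to load the key and certificate from an OpenSSL provider." The paragraph also does not say what happens when no configured provider supports the STORE method for the URI (startup failure or fallback), which is what an administrator debugging a token setup will look for; one sentence on the failure behaviour would help. Minor: the STORE method link is pinned to the man3.0 pages while the text says "3.0 or later".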