Diffstat (limited to '')
-rw-r--r-- | docs/manual/mod/mod_ssl.html.en | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en index ee92ffb..3fc8a48 100644 --- a/docs/manual/mod/mod_ssl.html.en +++ b/docs/manual/mod/mod_ssl.html.en @@ -661,7 +661,7 @@ key is encrypted, the pass phrase dialog is forced at startup time. files, a certificate identifier can be used to identify a certificate stored in a token. Currently, only <a href="https://tools.ietf.org/html/rfc7512">PKCS#11 URIs</a> are recognized as certificate identifiers, and can be used in conjunction -with the OpenSSL <code>pkcs11</code> engine. If <code class="directive"><a href="#sslcertificatekeyfile">SSLCertificateKeyFile</a></code> is omitted, the +with the OpenSSL <code>pkcs11</code> engine or provider. If <code class="directive"><a href="#sslcertificatekeyfile">SSLCertificateKeyFile</a></code> is omitted, the certificate and private key can be loaded through the single identifier specified with <code class="directive"><a href="#sslcertificatefile">SSLCertificateFile</a></code>.</p> @@ -749,7 +749,7 @@ key file.</p> identifier can be used to identify a private key stored in a token. Currently, only <a href="https://tools.ietf.org/html/rfc7512">PKCS#11 URIs</a> are recognized as private key identifiers, and can be used in conjunction with the OpenSSL -<code>pkcs11</code> engine.</p> +<code>pkcs11</code> engine or provider.</p> <div class="example"><h3>Example</h3><pre class="prettyprint lang-config"># To use a private key from a PEM-encoded file: SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key/server.key" 
@@ -983,6 +983,15 @@ separate "-engine" releases of OpenSSL 0.9.6 must be used.</p> SSLCryptoDevice ubsec</pre> </div> +<p> +With OpenSSL 3.0 or later, if no engine is specified but the key or certificate +is specified using a <a href="https://tools.ietf.org/html/rfc7512">PKCS#11 URIs</a> +then it is tried to load the key and certificate from an OpenSSL provider. +The OpenSSL provider to use must be defined and configured in the OpenSSL config file, +and it must support the <a href="https://www.openssl.org/docs/man3.0/man7/provider-storemgmt.html">STORE method</a> +for <a href="https://tools.ietf.org/html/rfc7512">PKCS#11 URIs</a>. +</p> + </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="directive-section"><h2><a name="SSLEngine" id="SSLEngine">SSLEngine</a> <a name="sslengine" id="sslengine">Directive</a></h2> |
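Review bot: In the hunk at -661 (and the identical wording change at -749), "engine or provider" does not say that the provider path applies only with OpenSSL 3.0 or later and only when no engine is specified, which is the condition the paragraph added at -983 states. Suggest qualifying it in place, for example "engine or, with OpenSSL 3.0 or later, an OpenSSL provider", or pointing the reader to the paragraph added at -983, so that someone reading only the SSLCertificateFile or SSLCertificateKeyFile entry knows which loader will handle the PKCS#11 URI.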