From c18514225db2835dfe22843100307c4bc8a59576 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 5 Aug 2024 12:00:11 +0200 Subject: Merging upstream version 2.4.62. Signed-off-by: Daniel Baumann --- docs/manual/mod/mod_ssl.html.en | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'docs/manual/mod/mod_ssl.html.en') diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en index ee92ffb..3fc8a48 100644 --- a/docs/manual/mod/mod_ssl.html.en +++ b/docs/manual/mod/mod_ssl.html.en @@ -661,7 +661,7 @@ key is encrypted, the pass phrase dialog is forced at startup time. files, a certificate identifier can be used to identify a certificate stored in a token. Currently, only PKCS#11 URIs are recognized as certificate identifiers, and can be used in conjunction -with the OpenSSL pkcs11 engine. If SSLCertificateKeyFile is omitted, the +with the OpenSSL pkcs11 engine or provider. If SSLCertificateKeyFile is omitted, the certificate and private key can be loaded through the single identifier specified with SSLCertificateFile.
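Review bot: In the certificate-identifier paragraph, the changed line "with the OpenSSL pkcs11 engine or provider" gives no hint that the provider route only applies with OpenSSL 3.0 or later and needs a provider set up in the OpenSSL config file. Those prerequisites appear only in the paragraph this patch adds after the "SSLCryptoDevice ubsec" example. Suggest a cross-reference to SSLCryptoDevice here, so that an administrator who omits SSLCertificateKeyFile and relies on a single PKCS#11 URI can find them.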

@@ -749,7 +749,7 @@ key file.

identifier can be used to identify a private key stored in a token. Currently, only PKCS#11 URIs are recognized as private key identifiers, and can be used in conjunction with the OpenSSL -pkcs11 engine.

+pkcs11 engine or provider.

Example

# To use a private key from a PEM-encoded file:
 SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key/server.key"
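Review bot: In the private-key identifier paragraph, "pkcs11 engine or provider" reads as though the provider, like the engine, is named pkcs11. The paragraph added later in this patch only requires a provider that is defined in the OpenSSL config file and supports the STORE method for PKCS#11 URIs. Suggest wording such as "the OpenSSL pkcs11 engine, or an OpenSSL provider that supports PKCS#11 URIs", with the same wording in the matching sentence of the certificate paragraph.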
@@ -983,6 +983,15 @@ separate "-engine" releases of OpenSSL 0.9.6 must be used.

SSLCryptoDevice ubsec
+

+With OpenSSL 3.0 or later, if no engine is specified but the key or certificate +is specified using a PKCS#11 URIs +then it is tried to load the key and certificate from an OpenSSL provider. +The OpenSSL provider to use must be defined and configured in the OpenSSL config file, +and it must support the STORE method +for PKCS#11 URIs. +

+
top

SSLEngine Directive

-- cgit v1.2.3