From c18514225db2835dfe22843100307c4bc8a59576 Mon Sep 17 00:00:00 2001
From: Daniel Baumann pkcs11
engine. If SSLCertificateKeyFile
is omitted, the
+with the OpenSSL pkcs11
engine or provider. If SSLCertificateKeyFile
is omitted, the
certificate and private key can be loaded through the single
identifier specified with SSLCertificateFile
.
pkcs11
engine.
+pkcs11
engine or provider.
# To use a private key from a PEM-encoded file: SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key/server.key" @@ -983,6 +983,15 @@ separate "-engine" releases of OpenSSL 0.9.6 must be used. SSLCryptoDevice ubsec
+With OpenSSL 3.0 or later, if no engine is specified but the key or certificate +is specified using a PKCS#11 URIs +then it is tried to load the key and certificate from an OpenSSL provider. +The OpenSSL provider to use must be defined and configured in the OpenSSL config file, +and it must support the STORE method +for PKCS#11 URIs. +
+