Changeset 97c930f in mod_gnutls


Ignore:
Timestamp:
Jun 27, 2015, 1:30:15 PM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children:
90d8480
Parents:
e391197
git-author:
Thomas Klute <thomas2.klute@…> (06/27/15 13:29:30)
git-committer:
Thomas Klute <thomas2.klute@…> (06/27/15 13:30:15)
Message:

Update documentation for use of X.509 keys and certificates

GnuTLSCertificateFile and GnuTLSKeyFile now accept PKCS #11 URLs, and a
key file may be encrypted if GnuTLSPIN is set to the key.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • doc/mod_gnutls_manual.mdwn

    re391197 r97c930f  
    150150as the last certificate in the list.
    151151
     152Since version 0.7 this can be a PKCS #11 URL.
     153
    152154`GnuTLSKeyFile`
    153155---------------
     
    160162Context: server config, virtual host
    161163
    162 Takes an absolute or relative path to the Server Private Key. This key
    163 cannot currently be password protected.
     164Takes an absolute or relative path to the Server Private Key. Set
     165`GnuTLSPIN` if the key file is encrypted.
     166
     167Since version 0.7 this can be a PKCS #11 URL.
    164168
    165169**Security Warning:**\
    166  This private key must be protected. It is read while Apache is still
     170This private key must be protected. It is read while Apache is still
    167171running as root, and does not need to be readable by the nobody or
    168172apache user.
Note: See TracChangeset for help on using the changeset viewer.