stored in a token. Currently, only <a
href="https://tools.ietf.org/html/rfc7512">PKCS#11 URIs</a> are
recognized as certificate identifiers, and can be used in conjunction
-with the OpenSSL <code>pkcs11</code> engine configured with <directive
-module="mod_ssl">SSLCryptoDevice</directive>. If <directive
+with the OpenSSL <code>pkcs11</code> engine. If <directive
module="mod_ssl">SSLCertificateKeyFile</directive> is omitted, the
certificate and private key can be loaded through the single
identifier specified with <directive
# Example using a PEM-encoded file.
SSLCertificateFile "/usr/local/apache2/conf/ssl.crt/server.crt"
# Example use of a certificate and private key from a PKCS#11 token:
-SSLCryptoDevice pkcs11
-...
SSLCertificateFile "pkcs11:token=My%20Token%20Name;id=45"
</highlight>
</example>
key file.</p>
<p>As an alternative to storing private keys in files, a key
-identifier can be specified to identify a private key stored in a
+identifier can be used to identify a private key stored in a
token. Currently, only <a href="https://tools.ietf.org/html/rfc7512">PKCS#11 URIs</a> are recognized as private key
identifiers, and can be used in conjunction with the OpenSSL
-<code>pkcs11</code> engine configured with <directive
-module="mod_ssl">SSLCryptoDevice</directive>.</p>
+<code>pkcs11</code> engine.</p>
<example><title>Example</title>
<highlight language="config">
# To use a private key from a PEM-encoded file:
SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key/server.key"
# To use a private key from a PKCS#11 token:
-SSLCryptoDevice pkcs11
-...
SSLCertificateKeyFile "pkcs11:token=My%20Token%20Name;id=45"
</highlight>
</example>
projects / apache / commitdiff