[Bug 66474] New: mod_ssl SSLCertificate[Key]File Directives description unclear regarding combined public/private files
https://bz.apache.org/bugzilla/show_bug.cgi?id=66474

Bug ID: 66474
Summary: mod_ssl SSLCertificate[Key]File Directives description
unclear regarding combined public/private files
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Documentation
Assignee: docs@httpd.apache.org
Reporter: chealer@gmail.com
Target Milestone: ---

The documentation of mod_ssl's SSLCertificateFile Directive contains the
following paragraph:
Finally the end-entity certificate's private key can also be added to the
certificate file instead of using a separate SSLCertificateKeyFile directive.
This practice is highly discouraged. If it is used, the certificate files using
such an embedded key must be configured after the certificates using a separate
key file. If the private key is encrypted, the pass phrase dialog is forced at
startup time.

SSLCertificateKeyFile's documentation contains a similar paragraph:
The private key may also be combined with the certificate in the file given by
SSLCertificateFile, but this practice is highly discouraged. If it is used, the
certificate files using such an embedded key must be configured after the
certificates using a separate key file.

These paragraphs are both unclear about the reason why the mentioned practice
is highly discouraged. According to what Lucien Gentis wrote in ticket #66384,
the constraint mentioned is that directives cannot be freely ordered when such
directives are used.

Please clarify the constraint and explain why the practice is discouraged. I
suggest replacing SSLCertificateKeyFile's paragraph with:
The private key may also be combined with the certificate in the file given by
SSLCertificateFile, but this practice is highly discouraged. If it is used, the
directives with certificate files using such an embedded key must follow
directives with certificates using a separate key file.

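Added example, not part of the original bug report and not Apache httpd code: a Python check for the ordering rule quoted above. It reports SSLCertificateFile files that also contain a private key, and those that are configured before a certificate relying on a separate key file. The file paths, the placeholder PEM bodies, the function name and the per-VirtualHost scoping are assumptions made for the sample.

```python
import re

# PEM private-key headers: PKCS#8, encrypted PKCS#8, RSA, EC.
KEY_RE = re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")
CERT_RE = re.compile(r'^\s*SSLCertificateFile\s+"?([^"\s]+)"?', re.I)
VHOST_RE = re.compile(r"^\s*</?VirtualHost", re.I)

def lint_cert_order(conf_text, read_file):
    """Return (embedded, misordered) lists of SSLCertificateFile paths.

    embedded:   certificate files that also contain a private key.
    misordered: embedded-key files configured before a certificate that
                uses a separate key file (the order the docs rule out).
    """
    embedded, misordered, pending = [], [], []
    for line in conf_text.splitlines():
        if VHOST_RE.match(line):
            pending = []  # assumption: order is judged per virtual host
            continue
        m = CERT_RE.match(line)
        if not m:
            continue
        path = m.group(1)
        if KEY_RE.search(read_file(path)):
            embedded.append(path)
            pending.append(path)
        else:
            # Separate-key certificate seen: earlier embedded ones are misplaced.
            misordered.extend(pending)
            pending = []
    return embedded, misordered

# Constructed sample data; the PEM bodies are placeholders, not real keys.
CERT = "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN PRIVATE KEY-----\n(placeholder)\n-----END PRIVATE KEY-----\n"
FILES = {"/etc/ssl/rsa-combined.pem": CERT + KEY, "/etc/ssl/ec-cert.pem": CERT}
CONF = """\
<VirtualHost *:443>
    SSLCertificateFile /etc/ssl/rsa-combined.pem
    SSLCertificateFile /etc/ssl/ec-cert.pem
    SSLCertificateKeyFile /etc/ssl/ec-key.pem
</VirtualHost>
"""

if __name__ == "__main__":
    print(lint_cert_order(CONF, FILES.__getitem__))
```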