https://bz.apache.org/bugzilla/show_bug.cgi?id=66036
--- Comment #14 from Alex Ciobotaru <[email protected]> --- Soft token. The pkcs#11 implementation is validated extensively and as specified used with other OpenSSL clients (i.e. NGINX) with the same component stack. So the steps are: 1. Install stock httpd and mod_ssl. I'm using it with the default mpk_prefork 2. Setup a minimal virtual host entry and populate the SSLCertificateKeyFile with your pkcs#11 soft token server key URI 3. Issue /usr/sbin/httpd -k start (must start as forking otherwise we run into the same issue). Alternatively use my systemd [Service] file from above 4. Test curl on your test domain and validate the Apache hello page 5. Issue /usr/sbin/httpd -k graceful (This would trigger in production when you renew the certificate) 6. Test curl and notice the TLS error 7. Now /usr/sbin/httpd -k restart and notice that it works again -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
