I tested the patch altering the SSLCertificate* directives with httpd-2.4.x and 
OpenSSL-1.0.2-dev: 
    https://people.apache.org/~kbrand/mod_ssl-2.4.x-certkeyfile.diff

When putting certificate, CA and encrypted private key all in one file and 
using only the directive SSLCertificateFile, I encountered the following: there 
was no prompt for the passphrase and the errorlog showed this:

[ssl|debug] AH01893: Configuring TLS extension handling
[ssl|emerg] AH02573: Init: No private key specified for foo.bar:443:0
[ssl:emerg] [pid 28533] AH02312: Fatal error initialising mod_ssl, exiting.
[ssl|emerg] AH02564: Failed to configure encrypted (?) private key foo.bar:443:0, check /opt/apache/conf/ssl/foo.bar.enc
[ssl|emerg] SSL Library Error: error:0906A068:PEM routines:PEM_do_header:bad password read -- You entered an incorrect pass phrase!?
[ssl|emerg] SSL Library Error: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
AH00016: Configuration Failed

It worked perfectly fine if the private key was not encrypted.
Specifying the private key using SSLCertificateKeyFile also worked and prompted 
for the passphrase.

According to the updated docs it should be possible to also put an encrypted 
private key alongside its certificate in one file using SSLCertificateFile. Am 
I missing something here?

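Added example, not part of the original message and not mod_ssl code: a small Python check that inventories the PEM blocks in a combined file like the one described above and reports whether its private key is passphrase-protected, which is useful when reproducing the encrypted and unencrypted cases side by side. The function names and the sample file contents (placeholder base64, not real key material) are constructed for illustration.

```python
import re

# One PEM block: BEGIN label, optional RFC 1421 headers plus base64 body, END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

# Constructed sample: server cert, CA cert and a traditional-format encrypted key.
SAMPLE = """-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""


def inventory(pem_text):
    """Return [(kind, encrypted), ...] for every PEM block, in file order."""
    found = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label == "CERTIFICATE":
            found.append(("certificate", False))
        elif label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8: encryption is signalled by the label itself.
            found.append(("private key", True))
        elif label.endswith("PRIVATE KEY"):
            # Traditional format: encryption is signalled by a Proc-Type header.
            enc = re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.M) is not None
            found.append(("private key", enc))
        else:
            found.append((label.lower(), False))
    return found


def has_encrypted_key(pem_text):
    """True if any private key block in the file needs a passphrase."""
    return any(k == "private key" and enc for k, enc in inventory(pem_text))


if __name__ == "__main__":
    for kind, enc in inventory(SAMPLE):
        print(kind, "(encrypted)" if enc else "")
```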