The documentation of mod_ssl's SSLCertificateKeyFile Directive contains the following paragraph in French: La clé privé peut aussi être ajoutée au fichier défini par la directive SSLCertificateFile, mais cette pratique est fortement déconseillée. En effet, les fichiers de certificats qui comportent une telle clé doivent être définis après les certificats en utilisant un fichier de clé séparé. I know little about mod_ssl, but I cannot make sense of the last sentence. The sentence is fairly different from its English version: The private key may also be combined with the certificate in the file given by SSLCertificateFile, but this practice is highly discouraged. If it is used, the certificate files using such an embedded key must be configured after the certificates using a separate key file. There may be a translation issue, but I must admit I also cannot make sense of the English version (I cannot figure out which files "the certificate files using such an embedded key" refers to). By the way, "clé" is feminine, so "privé" should accordingly read "privée". https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile
Thanks for spotting at this. I added missing "e" and rewrote the sentence in trunk and 2.4 branches. See the doc and please feel free to tell if it's OK or not.
Thanks Lucien I agree that the beginning now sticks to the English version. As for the main part of the sentence though, I do not know if the change helps or hurts. I'm afraid I still don't understand the sentence, either in English or French, so I can't judge if the French version is correct or not. Perhaps adding an example about that case would at least help me understand what it is about.
It says that, if you wish a "normal" configuration, you have to put your certificate and your key in two separate files, and type SSLCertificateFile <your certificate file> SSLCertificateKeyFile <your key file> and that, if you put your certificate AND your key in one unique file, which is discouraged, you have to type SSLCertificateFile <your certificate/key file> but after all declarations using a separate key file like the two declarations above..
Thank you Lucien, I think I understand now. The related paragraph for the SSLCertificateFile needs to be reviewed too, in particular the following sentence: En effet, les fichiers de certificats qui contiennent de tels clés embarquées doivent être définis avant les certificats en utilisant un fichier de clé séparé.
Yes, trunk and 2.4 branches corrected. Thanks
Thank you again Lucien, this is much better now. The paragraph in SSLCertificateFile still contains an implication which is not in the English version: Enfin, il est aussi possible d'ajouter la clé privée du certificat de l'entité finale au fichier de certificat, ce qui permet de se passer d'une directive SSLCertificateKeyFile séparée. Cette pratique est cependant fortement déconseillée. En effet, les fichiers de certificat qui contiennent de telles clés embarquées doivent être définis après les certificats qui utilisent un fichier de clé séparé. "En effet" implies that the [main] reason why the practice is discouraged is the lack of support for any ordering of the directives. I wonder if that is really the case, or if the practice is discouraged for another reason. Ultimately though, this comes from a lack of clarity in the English version.
OK, as for SSLCertificateKeyFile paragraph, I replaced "En effet," by "Dans ce cas,'
I am sorry Lucien but I am missing something about comment #7. Was SSLCertificateKeyFile not already fine? Was it not SSLCertificateFile which still had the implication "En effet"?
Both directives had the implication "En effet"
Yes, but should the remaining one (in SSLCertificateFile) be tracked in a separate ticket?
There are no more such false implications. If you didn't see it, that's because the french doc had not already been rebuilt. Yet it has been. reload mod_ssl page and you will see the changes
Ah, I see now. Merci Lucien I still think that part is unclear, but I now consider the French version on par with the English version. Therefore, I am marking this issue as resolved and will consider reporting a separate issue against the English version now that Lucien explained what it means.