Update Configuration.md

Author: kwin

docs/Configuration.md

@@ -171,7 +171,7 @@ Each key entry in the `keys` section stands for a key alias in the key store. Th
 
 property | comment | required
 --- | --- | ---
-private | The PKCS#8 private key in one of the following formats: [PKCS#8 PEM](https://tools.ietf.org/html/rfc7468#section-10) (optionally encrypted with AEM's Crypto Support) or [PKCS#8 Encrypted PEM](https://tools.ietf.org/html/rfc7468#section-11). One of the following approaches can be used for protecting the sensitive private key: <br/>1. Use value interpolation with secrets with an [unencrypted PKCS#8 private key](https://tools.ietf.org/html/rfc7468#section-10) (only supported on AEMaaCS and since v2.7.0, **recommended option for AEMaaCS**) </br>2. Use AEM Crypto Support to encrypt the [unencrypted PKCS#8 private key](https://tools.ietf.org/html/rfc7468#section-10) (only supported since v2.7.0, **recommended option for AEM Classic**)</br>3. Use [encrypted PKCS#8 private keys](https://tools.ietf.org/html/rfc7468#section-11) (better algorithms only supported with Bouncy Castle and even those provide weaker encryption than 1. or 2, therefore **rather use one of the other options**). In this case the encryption password must be given in `privatePassword` ()</br>Non-encrypted keys should be used with care! In case of encrypted private keys  | yes
+private | The PKCS#8 private key in one of the following formats: [PKCS#8 PEM](https://tools.ietf.org/html/rfc7468#section-10) (optionally encrypted with AEM's Crypto Support) or [PKCS#8 Encrypted PEM](https://tools.ietf.org/html/rfc7468#section-11). One of the following approaches can be used for protecting the sensitive private key: <br/>1. Use value interpolation with secrets with an [unencrypted PKCS#8 private key](https://tools.ietf.org/html/rfc7468#section-10) (only supported on AEMaaCS and since v2.7.0, **recommended option for AEMaaCS**) </br>2. Use AEM Crypto Support to encrypt the [unencrypted PKCS#8 private key](https://tools.ietf.org/html/rfc7468#section-10) (only supported since v2.7.0, **recommended option for AEM Classic**)</br>3. Use [encrypted PKCS#8 private keys](https://tools.ietf.org/html/rfc7468#section-11) (better algorithms only supported with Bouncy Castle and even those provide weaker encryption than 1. or 2, therefore **rather use one of the other options**). In this case the encryption password must be given in `privatePassword`. Non-encrypted keys should be used with care! | yes
 privatePassword | The password for decrypting the encrypted private key. Only necessary if the (no longer recommended) encryption approach 3. from above is chosen. The password itself can be encrypted with the AEM Crypto Support (i.e. encrypted with the AEM master key of the according instance). Alternatively one can rely on value interpolation for this value. Once the key is added to the keystore this password is no longer relevant as then the private key is encrypted with the password of the AEM keystore itself. | no
 public | The public DER key in PEM format as defined in [RFC 7468](https://tools.ietf.org/html/rfc7468#section-13). . If both `certificate` and `public` are set `certificate` takes precedence. | no (either public or certificate needs to be set)
 certificate | The certificate in PEM format as defined in [RFC 7468](https://tools.ietf.org/html/rfc7468#section-5.1). If both `certificate` and `public` are set `certificate` takes precedence. | no (either public or certificate needs to be set)
@@ -313,4 +313,4 @@ First the validation of the different configuration lines is performed and gets
 If issues occur during the application of the configurations in CRX the installation has to be aborted and the previous state has to stay untouched. Therefore the session used for the installation only gets saved if no issues occurred thus persisting the changes.
 
 
-[bouncycastle]: https://www.bouncycastle.org/
+[bouncycastle]: https://www.bouncycastle.org/