config: Improve the description of the ca-cert-file directive

[privoxy.git] / doc / source / p-config.sgml

diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml
index 89a094c..30f5701 100644 (file)
--- a/doc/source/p-config.sgml
+++ b/doc/source/p-config.sgml
@@ -4007,7 +4007,18 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
     in ".crt" format.
    </para>
    <para>
-    It can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
+    The file is used by &my-app; to generate website certificates
+    when https filtering is enabled with the
+    <literal><ulink url="actions-file.html#ENABLE-HTTP-FILTERING">enable-https-filtering</ulink></literal>
+    action.
+   </para>
+   <para>
+    &my-app; clients should import the certificate so that they
+    can validate the generated certificates.
+   </para>
+   <para>
+    The file can be generated with:
+    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
    </para>
   </listitem>
  </varlistentry>
@@ -4186,6 +4197,11 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t</title>
     This directive specifies the directory where generated
     TLS/SSL keys and certificates are saved.
    </para>
+   <para>
+    The keys and certificates currently have to be deleted manually
+    when changing the <ulink url="#CA-CERT-FILE">ca-cert-file</ulink>
+    and the <ulink url="#CA-CERT-KEY">ca-cert-key</ulink>.
+   </para>
    <para>
     The permissions should only let &my-app; and the  &my-app;
     admin access the directory.