in ".crt" format.
</para>
<para>
- It can be generated with: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
+ The file is used by &my-app; to generate website certificates
+ when https filtering is enabled with the
+ <literal><ulink url="actions-file.html#ENABLE-HTTP-FILTERING">enable-https-filtering</ulink></literal>
+ action.
+ </para>
+ <para>
+ &my-app; clients should import the certificate so that they
+ can validate the generated certificates.
+ </para>
+ <para>
+ The file can be generated with:
+ openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
</para>
</listitem>
</varlistentry>
<listitem>
<para>
This directive specifies the directory where generated
- TLS/SSL keys and certificates are saved.
+ TLS/SSL keys and certificates are saved when https filtering
+ is enabled with the
+ <literal><ulink url="actions-file.html#ENABLE-HTTP-FILTERING">enable-https-filtering</ulink></literal>
+ action.
</para>
<para>
The keys and certificates currently have to be deleted manually
<listitem>
<para>
This directive specifies the trusted CAs file that is used when validating
- certificates for intercepted TLS/SSL request.
+ certificates for intercepted TLS/SSL requests.
</para>
<para>
An example file can be downloaded from