X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=lib%2Fssl-peer-ca-cert.man;h=5450b9ef477c3d8837c50558cf13927a469c58cd;hb=HEAD;hp=183f93ea24db62c614446a13e02a43a2a7595ce1;hpb=c69ee87c10818267f991236201150b1fa51ae519;p=sliver-openvswitch.git

diff --git a/lib/ssl-peer-ca-cert.man b/lib/ssl-peer-ca-cert.man
index 183f93ea2..5450b9ef4 100644
--- a/lib/ssl-peer-ca-cert.man
+++ b/lib/ssl-peer-ca-cert.man
@@ -1,12 +1,13 @@
-.IP "\fB--peer-ca-cert=\fIpeer-cacert.pem\fR"
+.IP "\fB\-\-peer\-ca\-cert=\fIpeer-cacert.pem\fR"
 Specifies a PEM file that contains one or more additional certificates
 to send to SSL peers.  \fIpeer-cacert.pem\fR should be the CA
-certificate used to sign the \fB\*(PN\fR own certificate (the
-certificate specified on \fB-c\fR or \fB--certificate\fR).
+certificate used to sign \fB\*(PN\fR's own certificate, that is, the
+certificate specified on \fB\-c\fR or \fB\-\-certificate\fR.  If
+\fB\*(PN\fR's certificate is self-signed, then \fB\-\-certificate\fR
+and \fB\-\-peer\-ca\-cert\fR should specify the same file.
 .IP
 This option is not useful in normal operation, because the SSL peer
 must already have the CA certificate for the peer to have any
-confidence in \fB\*(PN\fR's identity.  However, this option allows a
-newly installed switch to obtain the peer CA certificate on first boot
-using, e.g., the \fB\-\-bootstrap-ca-cert\fR option to
-\fBovs\-openflowd\fR(8).
+confidence in \fB\*(PN\fR's identity.  However, this offers a way for
+a new installation to bootstrap the CA certificate on its first SSL
+connection.