X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=lib%2Fssl-peer-ca-cert.man;h=5450b9ef477c3d8837c50558cf13927a469c58cd;hb=fe29af4c888d48cc1f16b1a247c2ffb6f0864522;hp=cfdd915ec1b23ad361a92d205a9541739ab25ab7;hpb=4e312e694f1e9e34ed0aad7d5778b73d7add270d;p=sliver-openvswitch.git diff --git a/lib/ssl-peer-ca-cert.man b/lib/ssl-peer-ca-cert.man index cfdd915ec..5450b9ef4 100644 --- a/lib/ssl-peer-ca-cert.man +++ b/lib/ssl-peer-ca-cert.man @@ -1,12 +1,13 @@ .IP "\fB\-\-peer\-ca\-cert=\fIpeer-cacert.pem\fR" Specifies a PEM file that contains one or more additional certificates to send to SSL peers. \fIpeer-cacert.pem\fR should be the CA -certificate used to sign the \fB\*(PN\fR own certificate (the -certificate specified on \fB\-c\fR or \fB\-\-certificate\fR). +certificate used to sign \fB\*(PN\fR's own certificate, that is, the +certificate specified on \fB\-c\fR or \fB\-\-certificate\fR. If +\fB\*(PN\fR's certificate is self-signed, then \fB\-\-certificate\fR +and \fB\-\-peer\-ca\-cert\fR should specify the same file. .IP This option is not useful in normal operation, because the SSL peer must already have the CA certificate for the peer to have any -confidence in \fB\*(PN\fR's identity. However, this option allows a -newly installed switch to obtain the peer CA certificate on first boot -using, e.g., the \fB\-\-bootstrap\-ca\-cert\fR option to -\fBovs\-openflowd\fR(8). +confidence in \fB\*(PN\fR's identity. However, this offers a way for +a new installation to bootstrap the CA certificate on its first SSL +connection.
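Review bot: The rewritten closing sentence of the second paragraph ("this offers a way for a new installation to bootstrap the CA certificate on its first SSL connection") drops the pointer to --bootstrap-ca-cert that the removed lines carried, so the reader no longer learns which option on the receiving side accepts the certificate. Suggest keeping a reference to that option, and writing "this option offers", since "this" has no clear antecedent after the preceding sentence. The same paragraph states that the peer must already have the CA certificate to have any confidence in the sender's identity, so it would also help to say outright that a CA certificate obtained on the first connection is accepted without that confidence, and that the first connection is therefore only as trustworthy as the network it is made over.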