odp-util: Format and scan multiple MPLS labels.

[cascardo/ovs.git] / lib / ssl-peer-ca-cert.man

diff --git a/lib/ssl-peer-ca-cert.man b/lib/ssl-peer-ca-cert.man
index cfdd915..5450b9e 100644 (file)
--- a/lib/ssl-peer-ca-cert.man
+++ b/lib/ssl-peer-ca-cert.man
@@ -1,12 +1,13 @@
 .IP "\fB\-\-peer\-ca\-cert=\fIpeer-cacert.pem\fR"
 Specifies a PEM file that contains one or more additional certificates
 to send to SSL peers.  \fIpeer-cacert.pem\fR should be the CA
-certificate used to sign the \fB\*(PN\fR own certificate (the
-certificate specified on \fB\-c\fR or \fB\-\-certificate\fR).
+certificate used to sign \fB\*(PN\fR's own certificate, that is, the
+certificate specified on \fB\-c\fR or \fB\-\-certificate\fR.  If
+\fB\*(PN\fR's certificate is self-signed, then \fB\-\-certificate\fR
+and \fB\-\-peer\-ca\-cert\fR should specify the same file.
 .IP
 This option is not useful in normal operation, because the SSL peer
 must already have the CA certificate for the peer to have any
-confidence in \fB\*(PN\fR's identity.  However, this option allows a
-newly installed switch to obtain the peer CA certificate on first boot
-using, e.g., the \fB\-\-bootstrap\-ca\-cert\fR option to
-\fBovs\-openflowd\fR(8).
+confidence in \fB\*(PN\fR's identity.  However, this offers a way for
+a new installation to bootstrap the CA certificate on its first SSL
+connection.