[mirror_ovs.git] / lib / ssl-peer-ca-cert.man

.IP "\fB\-\-peer\-ca\-cert=\fIpeer-cacert.pem\fR"
Specifies a PEM file that contains one or more additional certificates
to send to SSL peers.  \fIpeer-cacert.pem\fR should be the CA
certificate used to sign \fB\*(PN\fR's own certificate, that is, the
certificate specified on \fB\-c\fR or \fB\-\-certificate\fR.  If
\fB\*(PN\fR's certificate is self-signed, then \fB\-\-certificate\fR
and \fB\-\-peer\-ca\-cert\fR should specify the same file.
.IP
This option is not useful in normal operation, because the SSL peer
must already have the CA certificate for the peer to have any
confidence in \fB\*(PN\fR's identity.  However, this offers a way for
a new installation to bootstrap the CA certificate on its first SSL
connection.
Commit	Line	Data
4e312e69	1	.IP "\fB\-\-peer\-ca\-cert=\fIpeer-cacert.pem\fR"
84ee7bcf BP	2	Specifies a PEM file that contains one or more additional certificates
84ee7bcf BP	3	to send to SSL peers. \fIpeer-cacert.pem\fR should be the CA
812560d7 BP	4	certificate used to sign \fB\*(PN\fR's own certificate, that is, the
	5	certificate specified on \fB\-c\fR or \fB\-\-certificate\fR. If
	6	\fB\*(PN\fR's certificate is self-signed, then \fB\-\-certificate\fR
	7	and \fB\-\-peer\-ca\-cert\fR should specify the same file.
84ee7bcf BP	8	.IP
	9	This option is not useful in normal operation, because the SSL peer
	10	must already have the CA certificate for the peer to have any
812560d7 BP	11	confidence in \fB\*(PN\fR's identity. However, this offers a way for
	12	a new installation to bootstrap the CA certificate on its first SSL
	13	connection.