diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2014-10-26 14:54:28 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2014-10-26 14:54:28 +0000 |
| commit | 2e2b111b697b7f96e756aa72440ad75e06f6dca9 (patch) | |
| tree | 6b3aa553e31133ad18d8741447c5f65e2be4a026 | |
| parent | 723fe533c452eb258a5a7e0b808d714bbbc7cb01 (diff) | |
Expand commentary on certificate files
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index d3a28a40a..8552400cf 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -26197,8 +26197,11 @@ tls_privatekey = /some/file/name These options are, in fact, expanded strings, so you can make them depend on the identity of the client that is connected if you wish. The first file contains the server's X509 certificate, and the second contains the private key -that goes with it. These files need to be readable by the Exim user, and must -always be given as full path names. They can be the same file if both the +that goes with it. These files need to be +PEM format and readable by the Exim user, and must +always be given as full path names. +The key must not be password-protected. +They can be the same file if both the certificate and the key are contained within it. If &%tls_privatekey%& is not set, or if its expansion is forced to fail or results in an empty string, this is assumed to be the case. The certificate file may also contain intermediate |