From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 6 Dec 2011 22:44:26 +0000 (+1300)
Subject: Docs: mention ssl_crtd DB needs clearing after CA changes.
X-Git-Tag: BumpSslServerFirst.take05~12^2~132
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5c2b4745be3a4dab23bc73935830ee881d94d56e;p=thirdparty%2Fsquid.git

Docs: mention ssl_crtd DB needs clearing after CA changes.
---

diff --git a/src/ssl/ssl_crtd.8 b/src/ssl/ssl_crtd.8
index 9f98fa4000..778f209f92 100644
--- a/src/ssl/ssl_crtd.8
+++ b/src/ssl/ssl_crtd.8
@@ -88,6 +88,16 @@ Display the binary version details using stderr.
 .
 .SH KNOWN ISSUES
 .PP
+.B SSL errors after changing the CA
+.
+.PP
+Certificates are stored in this database in signed form.
+After any change to the signing CA in squid.conf be sure to erase and re-initialize the certificate database.
+.
+.PP
+.B Certificate chaining
+.
+.PP
 The version 1.0 of this helper will not add chained intermediate CA certificates.
 The client must have a full chain of trust from the root CA all the way
 down to the end certificate generated by this program.
@@ -109,6 +119,10 @@ For example:
 .if !'po4a'hide' .RE
 .
 .PP
+Certificates are stored in this database in signed form.
+After any change to the signing CA in squid.conf be sure to erase and re-initialize the certificate database.
+.
+.PP
 For simple configuration the helper defaults can be used.
 Only HTTP listening port options are required to enable generation and set the signign CA certificate.
 For Example: