From 18746a094e0ebfe3f16cc34c765e69e707e4c1ad Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Mon, 27 Aug 2012 13:46:51 -0400 Subject: Docs: cleaned up SSLCA docs --- doc/server/plugins/generators/sslca.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/server/plugins/generators/sslca.txt b/doc/server/plugins/generators/sslca.txt index d2b051535..4c7f1d97f 100644 --- a/doc/server/plugins/generators/sslca.txt +++ b/doc/server/plugins/generators/sslca.txt @@ -49,7 +49,8 @@ must contain full (not relative) paths. certificate. This is used when preexisting certifcate hostfiles are found, so that they can be validated and only regenerated if they no longer meet the specification. If you're using a self signing CA this would be the CA cert - that you generated. + that you generated. If the chain cert is a root CA cert (e.g., if it is a + self-signing CA), also add an entry ``root_ca = true``. #. Optionally, add ``verify_certs = false`` if you don't wish to perform certificate verification on the certs SSLCA generates. @@ -64,6 +65,7 @@ must contain full (not relative) paths. config = /etc/pki/CA/openssl.cnf passphrase = youReallyThinkIdShareThis? chaincert = /etc/pki/CA/chaincert.crt + root_ca = true #. You are now ready to create key and certificate definitions. For this example we'll assume you've added Path entries for the key, -- cgit v1.2.3-1-g7c22
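Review bot: In the first hunk (sslca.txt around line 49), the added sentence tells the reader to set ``root_ca = true`` but does not say what the option changes or what the default is when it is left out. Someone whose chaincert is an intermediate cannot tell from this text whether omitting the entry is enough or whether ``root_ca = false`` has to be set explicitly. Suggest adding one clause that states the default and how the setting affects validation of the preexisting hostfiles mentioned earlier in the same step. Minor style point: the unchanged line above writes "self signing CA" while the new line writes "self-signing CA"; pick one spelling for the paragraph.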
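Review bot: In the second hunk (the example config around line 65), ``root_ca = true`` is added unconditionally next to ``chaincert = /etc/pki/CA/chaincert.crt``, although the step text in the first hunk makes it conditional on the chain cert being a root CA cert. Readers tend to copy the example block as a whole, so a deployment with an intermediate chain cert would inherit a setting that does not match its chain. Suggest a short sentence right after the example saying that the ``root_ca`` line applies only when the chaincert is a root (self-signing) CA cert and should be dropped otherwise.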