From 2e2b111b697b7f96e756aa72440ad75e06f6dca9 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 26 Oct 2014 14:54:28 +0000 Subject: [PATCH] Expand commentary on certificate files --- doc/doc-docbook/spec.xfpt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index d3a28a40a..8552400cf 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -26197,8 +26197,11 @@ tls_privatekey = /some/file/name These options are, in fact, expanded strings, so you can make them depend on the identity of the client that is connected if you wish. The first file contains the server's X509 certificate, and the second contains the private key -that goes with it. These files need to be readable by the Exim user, and must -always be given as full path names. They can be the same file if both the +that goes with it. These files need to be +PEM format and readable by the Exim user, and must +always be given as full path names. +The key must not be password-protected. +They can be the same file if both the certificate and the key are contained within it. If &%tls_privatekey%& is not set, or if its expansion is forced to fail or results in an empty string, this is assumed to be the case. The certificate file may also contain intermediate -- 2.30.2