Add note about local overrides.

2017-09-21 00:39:18 -05:00 · 2017-09-21 00:39:18 -05:00 · 42d0ed55ff
commit 42d0ed55ff
parent bf6d2a8eed
1 changed files with 3 additions and 0 deletions
--- a/3
+++ b/3
@ -33,3 +33,6 @@ include this CA into the ca-bundle.crt (used for GnuTLS), it must have
 serverAuth trust. Additionally, to explicitly disallow a certificate for a
 particular use, replace the -addtrust flag with the -addreject flag.

+Local trust overrides are handled entirely using the /etc/ssl/local directory.
+To override Mozilla's trust values, simple make a copy of the certificate in
+the local directory with alternate trust values.