From 42d0ed55ff81a78bc31d26b767728a63d8b467d0 Mon Sep 17 00:00:00 2001 From: DJ Lucas Date: Thu, 21 Sep 2017 00:39:18 -0500 Subject: [PATCH] Add note about local overrides. --- README | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README b/README index 181413b..658681e 100644 --- a/README +++ b/README @@ -33,3 +33,6 @@ include this CA into the ca-bundle.crt (used for GnuTLS), it must have serverAuth trust. Additionally, to explicitly disallow a certificate for a particular use, replace the -addtrust flag with the -addreject flag. +Local trust overrides are handled entirely using the /etc/ssl/local directory. +To override Mozilla's trust values, simple make a copy of the certificate in +the local directory with alternate trust values.