Add note about local overrides.

This commit is contained in:
DJ Lucas 2017-09-21 00:39:18 -05:00
parent bf6d2a8eed
commit 42d0ed55ff

3
README
View File

@ -33,3 +33,6 @@ include this CA into the ca-bundle.crt (used for GnuTLS), it must have
serverAuth trust. Additionally, to explicitly disallow a certificate for a serverAuth trust. Additionally, to explicitly disallow a certificate for a
particular use, replace the -addtrust flag with the -addreject flag. particular use, replace the -addtrust flag with the -addreject flag.
Local trust overrides are handled entirely using the /etc/ssl/local directory.
To override Mozilla's trust values, simple make a copy of the certificate in
the local directory with alternate trust values.