From 3848a27d31a9b04c8114d0260c4b9a615d83c8cd Mon Sep 17 00:00:00 2001
From: Maximilian Hils <git@maximilianhils.com>
Date: Wed, 22 Oct 2014 13:59:47 +0200
Subject: fix #378

---
 doc-src/ssl.html | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

(limited to 'doc-src/ssl.html')

diff --git a/doc-src/ssl.html b/doc-src/ssl.html
index 91225d79..16aed1dc 100644
--- a/doc-src/ssl.html
+++ b/doc-src/ssl.html
@@ -41,10 +41,26 @@ The files created by mitmproxy in the .mitmproxy directory are as follows:
 Using a custom certificate
 --------------------------
 
-You can use your own certificate by passing the __--cert__ option to mitmproxy.
+You can use your own certificate by passing the <kbd>--cert</kbd> option to mitmproxy. mitmproxy then uses the provided
+certificate for interception of the specified domains instead of generating a cert signed by its own CA.
 
-The certificate file is expected to be in the PEM format. You can generate
-a certificate in this format using these instructions:
+The certificate file is expected to be in the PEM format.
+You can include intermediary certificates right below your leaf certificate, so that you PEM file roughly looks like
+this:
+
+<pre>
+-----BEGIN PRIVATE KEY-----
+&lt;private key&gt;
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+&lt;cert&gt;
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+&lt;intermediary cert (optional)&gt;
+-----END CERTIFICATE-----
+</pre>
+
+For example, you can generate a certificate in this format using these instructions:
 
 <pre class="terminal">
 > openssl genrsa -out cert.key 8192
-- 
cgit v1.2.3


From 8cbb67ac70772ac141fe1891e5fd47dd1cbc978c Mon Sep 17 00:00:00 2001
From: Maximilian Hils <git@maximilianhils.com>
Date: Thu, 13 Nov 2014 23:03:06 +0100
Subject: docs++

---
 doc-src/ssl.html | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'doc-src/ssl.html')

diff --git a/doc-src/ssl.html b/doc-src/ssl.html
index 16aed1dc..3fa0e070 100644
--- a/doc-src/ssl.html
+++ b/doc-src/ssl.html
@@ -71,6 +71,15 @@ For example, you can generate a certificate in this format using these instructi
 </pre>
 
 
+Using a custom certificate authority
+------------------------------------
+
+By default, mitmproxy will (generate and) use <samp>~/.mitmproxy/mitmproxy-ca.pem</samp> as the default certificate
+authority to generate certificates for all domains for which no custom certificate is provided (see above).
+You can use your own certificate authority by passing the <kbd>--confdir</kbd> option to mitmproxy.
+mitmproxy will then look for <samp>mitmproxy-ca.pem</samp> in the specified directory. If no such file exists,
+it will be generated automatically.
+
 Installing the mitmproxy CA
 ---------------------------
 
-- 
cgit v1.2.3