Note about certificates added to CA section in ipsec.conf man page.

author Tobias Brunner <tobias@strongswan.org>

Wed, 4 May 2011 16:23:00 +0000 (18:23 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Thu, 5 May 2011 08:30:51 +0000 (10:30 +0200)
author Tobias Brunner <tobias@strongswan.org>
Wed, 4 May 2011 16:23:00 +0000 (18:23 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Thu, 5 May 2011 08:30:51 +0000 (10:30 +0200)
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in

index 60b6d17..2951004 100644 (file)
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -1043,8 +1043,11 @@ is not given, the
  of this connection will be used as peer ID.
  
  .SH "CA SECTIONS"
-This are optional sections that can be used to assign special
-parameters to a Certification Authority (CA).
+These are optional sections that can be used to assign special
+parameters to a Certification Authority (CA). Because the daemons
+automatically import CA certificates from \fI/etc/ipsec.d/cacerts\fP,
+there is no need to explicitly add them with a CA section, unless you
+want to assign special parameters (like a CRL) to a CA.
  .TP
  .BR also " = <name>"
  includes ca section
author	Tobias Brunner <tobias@strongswan.org>
	Wed, 4 May 2011 16:23:00 +0000 (18:23 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Thu, 5 May 2011 08:30:51 +0000 (10:30 +0200)