From 41bee457925e8b48f199d87c6548a89d0aa0e5f0 Mon Sep 17 00:00:00 2001 From: Nils Maier Date: Mon, 30 Sep 2013 16:49:10 +0200 Subject: [PATCH] Document WinTLS, AppleTLS, PKCS12 for --certificate --- doc/manual-src/en/aria2c.rst | 42 ++++++++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 11 deletions(-) diff --git a/doc/manual-src/en/aria2c.rst b/doc/manual-src/en/aria2c.rst index 88589c80..238729a3 100644 --- a/doc/manual-src/en/aria2c.rst +++ b/doc/manual-src/en/aria2c.rst @@ -349,9 +349,26 @@ HTTP Specific Options .. option:: --certificate= - Use the client certificate in FILE. - The certificate must be in PEM format. - You may use :option:`--private-key` option to specify the private key. + Use the client certificate in FILE. The certificate must be + either in PKCS12 (.p12, .pfx) or in PEM format. + + PKCS12 files must contain the certificate, a key and optionally a chain + of additional certificates. Only PKCS12 files with a blank import password + can be opened! + + When using PEM, you have to specify the private key via :option:`--private-key` + as well. + + .. note:: + *WinTLS* does not support PEM files at the moment. Users have to use PKCS12 + files. + + .. note:: + *AppleTLS* users should use the Keychain Access utility to import the client + certificate and get the SHA-1 fingerprint from the Information dialog + corresponding to that certificate. + To start aria2c use `--certificate=` and just omit the + :option:`--private-key` option. .. option:: --check-certificate[=true|false] @@ -931,15 +948,18 @@ RPC Options When using PEM, you have to specify the private key via :option:`--rpc-private-key` as well. Use :option:`--rpc-secure` option to enable encryption. - *WinTLS* does not support PEM files at the moment. Users have to use PKCS12 files. + .. note:: + *WinTLS* does not support PEM files at the moment. Users have to use PKCS12 + files. - *AppleTLS* users should use the Keychain Access utility to first generate a - self-signed SSL-Server certificate, e.g. using the wizard, and get the - SHA-1 fingerprint from the Information dialog corresponding to that new - certificate. - To start aria2c with :option:`--rpc-secure` use - `--rpc-certificate=` and just omit the :option:`--rpc-private-key` - option. + .. note:: + *AppleTLS* users should use the Keychain Access utility to first generate a + self-signed SSL-Server certificate, e.g. using the wizard, and get the + SHA-1 fingerprint from the Information dialog corresponding to that new + certificate. + To start aria2c with :option:`--rpc-secure` use + `--rpc-certificate=` and just omit the :option:`--rpc-private-key` + option. .. option:: --rpc-listen-all[=true|false]