From 4242f196e9ce3a463db1c79391a970587b19030e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20tom=20W=C3=B6rden?= <h.tomwoerden@indiscale.com>
Date: Wed, 9 Dec 2020 16:19:37 +0000
Subject: [PATCH] DOC: note on cert

---
 README_SETUP.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README_SETUP.md b/README_SETUP.md
index 4b6b7bfb..244121ee 100644
--- a/README_SETUP.md
+++ b/README_SETUP.md
@@ -75,7 +75,8 @@ server:
    - `keytool -genkey -keyalg RSA -alias selfsigned -keystore caosdb.jks -validity 375 -keysize 2048 -ext san=dns:localhost`
      Replace `localhost` by your host name, if you want.
    - `keytool -importkeystore -srckeystore caosdb.jks -destkeystore caosdb.p12 -deststoretype PKCS12 -srcalias selfsigned`
-   - `openssl pkcs12 -in caosdb.p12 -nokeys -out cert.pem`
+   - Export the public part only: `openssl pkcs12 -in caosdb.p12 -nokeys -out cert.pem`.
+	 The resulting ``cert.pem` can safely be given to users to allow ssl verification.
    - You can check the content of the certificate with `openssl x509 -in cert.pem -text`
 
    Alternatively, you can create a keystore from certificate files that you already have:
-- 
GitLab