doc: Add --cacert to REST section

2017-11-26 10:09:54 +01:00 · 2017-11-26 10:09:54 +01:00 · abde9e2fba
parent 6a4a328bbc
commit abde9e2fba
1 changed files with 5 additions and 4 deletions
--- a/doc/030_preparing_a_new_repo.rst
+++ b/doc/030_preparing_a_new_repo.rst
@ -135,10 +135,11 @@ are some more examples:
    $ restic -r rest:https://user:pass@host:8000/
    $ restic -r rest:https://user:pass@host:8000/my_backup_repo/

-If you use TLS, make sure your certificates are signed, 'cause restic
-client will refuse to communicate otherwise. It's easy to obtain such
-certificates today, thanks to free certificate authorities like `Let’s
-Encrypt <https://letsencrypt.org/>`__.
+If you use TLS, restic will use the system's CA certificates to verify the
+server certificate. When the verification fails, restic refuses to proceed and
+exits with an error. If you have your own self-signed certificate, or a custom
+CA certificate should be used for verification, you can pass restic the
+certificate filename via the `--cacert` option.

 REST server uses exactly the same directory structure as local backend,
 so you should be able to access it both locally and via HTTP, even