From 3b5c6914d8c0ca8eb0011120382f60822fb060b5 Mon Sep 17 00:00:00 2001 From: Peter Souter Date: Thu, 15 Oct 2020 00:43:07 +0100 Subject: [PATCH] Adds note that it requires a PEM-encoded file (#10145) --- website/pages/docs/configuration/listener/tcp.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/pages/docs/configuration/listener/tcp.mdx b/website/pages/docs/configuration/listener/tcp.mdx index cb29ce802745..10c79f84191b 100644 --- a/website/pages/docs/configuration/listener/tcp.mdx +++ b/website/pages/docs/configuration/listener/tcp.mdx @@ -83,16 +83,16 @@ advertise the correct address to other nodes. insecure communication. - `tls_cert_file` `(string: , reloads-on-SIGHUP)` – - Specifies the path to the certificate for TLS. To configure the listener to - use a CA certificate, concatenate the primary certificate and the CA + Specifies the path to the certificate for TLS. It requires a PEM-encoded file. + To configure the listener to use a CA certificate, concatenate the primary certificate and the CA certificate together. The primary certificate should appear first in the combined file. On `SIGHUP`, the path set here _at Vault startup_ will be used for reloading the certificate; modifying this value while Vault is running will have no effect for `SIGHUP`s. - `tls_key_file` `(string: , reloads-on-SIGHUP)` – - Specifies the path to the private key for the certificate. If the key file - is encrypted, you will be prompted to enter the passphrase on server startup. + Specifies the path to the private key for the certificate. It requires a PEM-encoded file. + If the key file is encrypted, you will be prompted to enter the passphrase on server startup. The passphrase must stay the same between key files when reloading your configuration using `SIGHUP`. On `SIGHUP`, the path set here _at Vault startup_ will be used for reloading the certificate; modifying this value