Index: doc/src/sgml/runtime.sgml
===================================================================
RCS file: /projects/cvsroot/pgsql-server/doc/src/sgml/runtime.sgml,v
retrieving revision 1.281
diff -u -r1.281 runtime.sgml
--- doc/src/sgml/runtime.sgml	17 Sep 2004 22:40:46 -0000	1.281
+++ doc/src/sgml/runtime.sgml	22 Sep 2004 06:45:13 -0000
@@ -4353,6 +4353,24 @@
    to turn the certificate into a self-signed certificate and to copy the
    key and certificate to where the server will look for them.
   </para>
+
+  <para>
+   If verification of client certificates is required, place the
+   certificates of the <acronym>CA</acronym> you wish to check for in
+   the file <filename>root.crt</filename> in the data directory.  When
+   present, a client certificate will be requested from the client
+   making the connection and it must have been signed by one of the
+   certificates present in <filename>root.crt</filename>.  If no
+   certificate is presented, the connection will be allowed to proceed
+   anway.
+  </para>
+
+  <para>
+   The <filename>root.crt</filename> file is always checked for, and
+   its absence will be noted through a message in the log.  This is
+   merely an informative message that client certificates will not be
+   requested.
+  </para>
  </sect1>
 
  <sect1 id="ssh-tunnels">