@@ -1227,9 +1227,14 @@ Core Options
12271227 full certificate chain of the specified TLS certificate.
12281228 Specifically, the secure certificate store must contain the root CA
12291229 and any intermediate CA certificates required to build the full
1230- certificate chain to the TLS certificate. Do **not** use
1231- :setting:`net.tls.CAFile` or :setting:`net.tls.clusterFile` to
1232- specify the root and intermediate CA certificate
1230+ certificate chain to the TLS certificate.
1231+
1232+ .. warning::
1233+
1234+ If you use ``net.tls.certificateSelector`` and/or
1235+ :setting:`net.tls.clusterCertificateSelector`, we **do not** recommend
1236+ using :setting:`net.tls.CAFile` or :setting:`net.tls.clusterFile` to
1237+ specify the root and intermediate CA certificate
12331238
12341239 For example, if the TLS certificate was signed with a single root
12351240 CA certificate, the secure certificate store must contain that root
@@ -1266,9 +1271,14 @@ Core Options
12661271 full certificate chain of the specified cluster certificate.
12671272 Specifically, the secure certificate store must contain the root CA
12681273 and any intermediate CA certificates required to build the full
1269- certificate chain to the cluster certificate. Do **not** use
1270- :setting:`net.tls.CAFile` or :setting:`net.tls.clusterCAFile` to
1271- specify the root and intermediate CA certificate.
1274+ certificate chain to the cluster certificate.
1275+
1276+ .. warning::
1277+
1278+ If you use :setting:`net.tls.certificateSelector` and/or
1279+ ``net.tls.clusterCertificateSelector``, we **do not** recommend using
1280+ :setting:`net.tls.CAFile` or :setting:`net.tls.clusterCAFile` to specify
1281+ the root and intermediate CA certificate.
12721282
12731283 For example, if the cluster certificate was signed with a single root
12741284 CA certificate, the secure certificate store must contain that root
0 commit comments