From d8b70f0e4cf550730c2d00bdaa4589a6e1647627 Mon Sep 17 00:00:00 2001
From: Steven Deaton <sdeaton2@gmail.com>
Date: Mon, 1 Sep 2014 03:05:22 -0500
Subject: [PATCH] Added verbiage elaborating on what files are needed for
 pki_setup.

Further explained what is needed and needing copied when setting
this up.

Change-Id: Ia9fc9f4f142bd322c61bb398dd3e42df7b3c69c7
Closes-Bug: #1321000
---
 doc/common/section_keystone_certificates-for-pki.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/common/section_keystone_certificates-for-pki.xml b/doc/common/section_keystone_certificates-for-pki.xml
index cc5d1cc1e5..059b61b47e 100644
--- a/doc/common/section_keystone_certificates-for-pki.xml
+++ b/doc/common/section_keystone_certificates-for-pki.xml
@@ -222,6 +222,15 @@ emailAddress            = keystone@openstack.org
             <para>Make sure the certificate directory is only
                 accessible by root.</para>
         </note>
+        <note>
+            <para>The copying of the key and cert files may be better done
+                after first running <command>keystone-manage pki_setup</command>
+                since this command also creates other needed files, such
+                as the <filename>index.txt</filename> and <filename>serial</filename> files.</para>
+            <para>Also, when copying the necessary files to a different server
+                for replicating the functionality, the entire directory of
+                files is needed, not just the key and cert files.</para>
+        </note>
         <para>If your certificate directory path is different from the
             default <filename>/etc/keystone/ssl/certs</filename>, make
             sure it is reflected in the <literal>[signing]</literal>