From 6f9f926cc5c8f53c1c1924e307a57f8ddf70b9e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= <thorsten.rossner.extern@zendis.de>
Date: Thu, 18 Sep 2025 07:28:51 +0200
Subject: [PATCH] docs(self-signed-certificates): Update "Option 1" regarding
 the JKS secret

---
 docs/enhanced-configuration/self-signed-certificates.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docs/enhanced-configuration/self-signed-certificates.md b/docs/enhanced-configuration/self-signed-certificates.md
index d15c3cae..db7ede06 100644
--- a/docs/enhanced-configuration/self-signed-certificates.md
+++ b/docs/enhanced-configuration/self-signed-certificates.md
@@ -50,6 +50,10 @@ CA certificate as X.509 encoded (`ca.crt`) and as jks trust store (`truststore.j
 5. Create a Kubernetes secret with name `opendesk-certificates-keystore-jks` with key `password` and as value the jks
 trust store password.
 
+> **Note**<br>
+> XWiki does not support the use of an existing secret to access the keystore. Therefore you have to set the password
+> from step 5 also as `secrets.certificates.password`.
+
 ## Option 2a: Use cert-manager.io with auto-generated namespace based root-certificate
 
 This option is useful when you do not have a trusted certificate available and can't fetch a certificate from