From 992b1a8d882e430a5daac15438bf4c469fcb8394 Mon Sep 17 00:00:00 2001
From: danielehc <40759828+danielehc@users.noreply.github.com>
Date: Fri, 23 Aug 2019 16:09:41 +0200
Subject: [PATCH] Update agent.html.markdown.erb (#6380)

Adding a note on how to make Consul trust S3-compatible storage that expose a self-signed certificate.
---
 website/source/docs/commands/snapshot/agent.html.markdown.erb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/website/source/docs/commands/snapshot/agent.html.markdown.erb b/website/source/docs/commands/snapshot/agent.html.markdown.erb
index e0d4ce177..5aa7fe32d 100644
--- a/website/source/docs/commands/snapshot/agent.html.markdown.erb
+++ b/website/source/docs/commands/snapshot/agent.html.markdown.erb
@@ -218,6 +218,10 @@ Note that despite the AWS references, any S3-compatible endpoint can be specifie
 
 * `-aws-s3-kms-key` -  Optional Amazon KMS key to use, if this is not set the default KMS master key will be used. Set this if you want to manage key rotation yourself.
 
+   -> When using a S3-compatible storage exposing a self-signed certificate the agent will not be able to perform 
+   the snapshot operations unless the CA used to sign the storage certificate is trusted by the node running 
+   the agent. You can add the CA root certificate to the OS trust store to have Consul trust the storage endpoint.
+   
 #### S3 Required Permissions
 
 Different S3 permissions are required depending on the configuration of the snapshot agent. In particular extra permissions are required when