CA-related instructions are on www.ca

diff --git a/install.texi b/install.texi
index 9af1f1ae460be9a70ef2035da05e4b52b7e12e07..891ac9dcfd0dac81a3793378984f9fb7f28333db 100644 (file)
--- a/install.texi
+++ b/install.texi
@@ -53,8 +53,8 @@ GoGOST is also @command{go get}-able. For example to install
 $ go install go.cypherpunks.ru/gogost/v5/cmd/streebog256@@latest
 @end example
 
-@code{go.cypherpunks.ru} uses @code{ca.cypherpunks.ru} X.509 CA
-authority, that may complicate installation:
+Aware that @code{go.cypherpunks.ru} uses
+@url{//www.ca.cypherpunks.ru, ca.cypherpunks.ru} X.509 certificate authority.
 
 @itemize
 
@@ -63,17 +63,8 @@ services won't be able to verify @code{go.cypherpunks.ru}'s TLS
 authenticity, because there are no common trust anchors. You can skip
 their usage by setting @env{$GOPRIVATE=go.cypherpunks.ru}.
 
-@item You can (temporarily) override CA certificate bundle during installation:
-
-@example
-$ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem
-$ [fetch|wget] http://www.ca.cypherpunks.ru/cert.pem.@{asc,sig,minisig@}
-$ gpg --auto-key-locate dane --locate-keys stargrave at stargrave dot org
-$ gpg --auto-key-locate  wkd --locate-keys stargrave at gnupg dot net
-$ gpg --verify cert.pem.asc
-$ SSL_CERT_FILE=`pwd`/cert.pem GIT_SSL_CAINFO=`pwd`/cert.pem go get \
-    go.cypherpunks.ru/gogost/v5
-@end example
+@item You can (temporarily) override CA bundle during installation with
+@env{$SSL_CERT_FILE} environment variable.
 
 @item You can unpack tarball somewhere and use @code{replace} command in
 your local @file{go.mod}: