Document WinTLS, AppleTLS, PKCS12 for --certificate

doc/manual-src/en/aria2c.rst

@@ -349,9 +349,26 @@ HTTP Specific Options
 
 .. option:: --certificate=<FILE>
 
-  Use the client certificate in FILE.
+  Use the client certificate in FILE. The certificate must be
-  The certificate must be in PEM format.
+  either in PKCS12 (.p12, .pfx) or in PEM format.
-  You may use :option:`--private-key` option to specify the private key.
+
+  PKCS12 files must contain the certificate, a key and optionally a chain
+  of additional certificates. Only PKCS12 files with a blank import password
+  can be opened!
+
+  When using PEM, you have to specify the private key via :option:`--private-key`
+  as well.
+
+  .. note::
+    *WinTLS* does not support PEM files at the moment. Users have to use PKCS12
+    files.
+
+  .. note::
+    *AppleTLS* users should use the Keychain Access utility to import the client
+    certificate and get the SHA-1 fingerprint from the Information dialog
+    corresponding to that certificate.
+    To start aria2c use `--certificate=<SHA-1>` and just omit the
+    :option:`--private-key` option.
 
 .. option:: --check-certificate[=true|false]
 
@@ -931,8 +948,11 @@ RPC Options
   When using PEM, you have to specify the private key via :option:`--rpc-private-key`
   as well. Use :option:`--rpc-secure` option to enable encryption.
 
-  *WinTLS* does not support PEM files at the moment. Users have to use PKCS12 files.
+  .. note::
+    *WinTLS* does not support PEM files at the moment. Users have to use PKCS12
+    files.
 
+  .. note::
     *AppleTLS* users should use the Keychain Access utility to first generate a
     self-signed SSL-Server certificate, e.g. using the wizard, and get the
     SHA-1 fingerprint from the Information dialog corresponding to that new