Update root-certificates.md

schwzr · web-flow · commit b0e6f988836a · 2025-05-19T12:07:05.000+02:00
diff --git a/docs/src/v1.7.1/maintain/root-certificates.md b/docs/src/v1.7.1/maintain/root-certificates.md
@@ -5,6 +5,10 @@ icon: safe
 
 A number of trusted certificate authorities (CAs) are included in the DSF docker images [fhir_proxy](https://github.com/datasharingframework/dsf/pkgs/container/fhir_proxy), [fhir](https://github.com/datasharingframework/dsf/pkgs/container/fhir), [bpe_proxy](https://github.com/datasharingframework/dsf/pkgs/container/bpe_proxy) and [bpe](https://github.com/datasharingframework/dsf/pkgs/container/bpe) by default. Root and intermediate certificates as well as the configured usage of issuing CAs as either **server**, **client** oder **server and client** CA are listed at the end.
 
+:::info
+Please ensure that you are using an organization-validated certificate (OV). We check for the presence of certain elements in the FHIR proxy. These are not set for domain-validated (DV) certificates. DV-validated certificates cannot be used in the standard setup.
+:::
+
 ## Extending or Replacing Trusted Certificate Authorities
 X.509 certificates of default trusted CAs are stored as .pem files containing multiple certificates in the docker images and can be replaced by either using docker [bind mounts](https://docs.docker.com/engine/storage/bind-mounts) or configuring appropriate environment variables with different targets.
 
@@ -182,4 +186,4 @@ If not mentioned explicitly, issuing CAs listed will sign X.509 certificates wit
       Not after: Jun 19 08:15:51 2034 GMT
     * Issuing CA: **D-TRUST Limited Basic CA 1-3 2019** [client certificates via TMF e.V.]
       X509 Certificate: https://www.d-trust.net/cgi-bin/D-TRUST_Limited_Basic_CA_1-3_2019.crt
-      Not after: Jun 19 08:15:51 2034 GMT
+      Not after: Jun 19 08:15:51 2034 GMT
