From 2547014c375f0e26ace95aa9f5615973d74e1e32 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 19 Nov 2024 15:21:00 +0200
Subject: [PATCH] doc: update ACME PKI issuer documentation for authority ID
 support

Fixes: https://github.com/dogtagpki/pki/issues/4902

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
 .../acme/Configuring-ACME-with-PKI-Issuer.adoc    | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/docs/installation/acme/Configuring-ACME-with-PKI-Issuer.adoc b/docs/installation/acme/Configuring-ACME-with-PKI-Issuer.adoc
index e3b73b37a77..f90c55f7196 100644
--- a/docs/installation/acme/Configuring-ACME-with-PKI-Issuer.adoc
+++ b/docs/installation/acme/Configuring-ACME-with-PKI-Issuer.adoc
@@ -40,6 +40,21 @@ To use client certificate authentication, specify the client certificate nicknam
 To use basic authentication, specify the username in the *username* parameter
 and the password in the *password* parameter.
 
+## Configuring CA authority
+
+PKI issuer can direct ACME enrollment requests to the specific CA authority.
+The authority can be specified either by using its ID or LDAP DN as part of the
+`issuer.conf` with `authority-id` or `authority-dn` parameters. These
+parameters can also be added with the following command:
+
+----
+$ pki-server acme-issuer-mod --type pki \
+    -Dauthority-id=some-ID
+----
+
+By default PKI issuer does not pass any authority ID or LDAP DN, meaning the
+request would be handled by the main CA.
+
 ## See Also
 
 * link:Configuring_ACME_Issuer.md[Configuring ACME Issuer]