- * Acceptable options are sha1, sha256 and sha512. Networks running versions of charybdis
- * prior to charybdis 3.5 MUST use sha1 for certfp_method.
+ * Acceptable options are sha1, sha256, spki_sha256, sha512 and spki_sha512. Networks
+ * running versions of charybdis prior to charybdis 3.5 MUST use sha1 for certfp_method.
+ *
+ * The spki_* variants operate on the SubjectPublicKeyInfo of the certificate, which does
+ * not change unless the private key is changed. This allows the fingerprint to stay
+ * constant even if the certificate is reissued. These fingerprints will be prefixed with
+ * "SPKI:SHA2-256:" or "SPKI:SHA2-512:" depending on the hash type. These fingerprints
+ * are not supported on servers running charybdis 3.5.3 or earlier.
+ *
+ * To generate a fingerprint from a certificate file, please use the mkfingerprint utility
+ * program located in the bin/ subdirectory of your IRCd installation. Running it with no
+ * arguments will give you a brief usage message; it takes method and filename arguments.