Forward merge branch '4.11' (PR #51)
diff --git a/source/hosts.rst b/source/hosts.rst
index 4ea93ee..70d8da5 100644
--- a/source/hosts.rst
+++ b/source/hosts.rst
@@ -740,3 +740,10 @@
keystore-setup <properties file> <keystore file> <passphrase> <validity> <csr file>
keystore-cert-import <properties file> <keystore file> <mode: ssh|agent> <cert file> <cert content> <ca-cert file> <ca-cert content> <private-key file> <private key content:optional>
+
+Starting 4.11.1, a KVM host is considered secured when it has its keystore and
+certificates setup for both the agent and libvirtd process. A secured host will
+only allow and initiate TLS enabled live VM migration. This requires libvirtd
+to listen on default port 16514, and the port to be allowed in the firewall
+rules. Certificate renewal (using the `provisionCertificate` API) will restart
+both the libvirtd process and agent after deploying new certificates.
diff --git a/source/virtual_machines.rst b/source/virtual_machines.rst
index d825b9e..b33a4c3 100644
--- a/source/virtual_machines.rst
+++ b/source/virtual_machines.rst
@@ -1038,7 +1038,7 @@
.. sourcecode:: bash
- wget http://downloads.sourceforge.net/project/cloudstack/SSH%20Key%20Gen%20Script/cloud-set-guest-sshkey.in?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fcloudstack%2Ffiles%2FSSH%2520Key%2520Gen%2520Script%2F&ts=1331225219&use_mirror=iweb
+ wget https://raw.githubusercontent.com/apache/cloudstack/master/setup/bindir/cloud-set-guest-sshkey.in
#. Copy the file to /etc/init.d.
